Vulnerability CVE-2006-0645
Published: 2006-02-10   Modified: 2012-02-12

Description:
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
libtasn vulnerability
Martin Pitt
17.02.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Free software foundation inc. -> Libtasn1 

 References:
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
http://rhn.redhat.com/errata/RHSA-2006-0207.html
http://securityreason.com/securityalert/446
http://securitytracker.com/id?1015612
http://www.debian.org/security/2006/dsa-985
http://www.debian.org/security/2006/dsa-986
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
http://www.gleg.net/protover_ssl.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
http://www.securityfocus.com/archive/1/424538/100/0/threaded
http://www.securityfocus.com/bid/16568
http://www.trustix.org/errata/2006/0008
http://www.vupen.com/english/advisories/2006/0496
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
https://usn.ubuntu.com/251-1/
Copyright 2024, cxsecurity.com

 

Back to Top