Vulnerability Description
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free Software Foundation Inc. | Libtasn1 | 0.1.0 |
References
- http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
- http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=ma
- http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
- http://rhn.redhat.com/errata/RHSA-2006-0207.html
- http://secunia.com/advisories/18794
- http://secunia.com/advisories/18815
- http://secunia.com/advisories/18830
- http://secunia.com/advisories/18832
- http://secunia.com/advisories/18898
- http://secunia.com/advisories/18918
- http://secunia.com/advisories/19080
- http://secunia.com/advisories/19092
FAQ
What is CVE-2006-0645?
CVE-2006-0645 is a vulnerability with a CVSS score of 7.5 (HIGH). Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitr...
How severe is CVE-2006-0645?
CVE-2006-0645 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0645?
Check the references section above for vendor advisories and patch information. Affected products include: Free Software Foundation Inc. Libtasn1.