CVE-2006-0645
First published: Fri Feb 10 2006(Updated: )
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libtasn1 (GNU) | =0.1.0 | |
| libtasn1 (GNU) | =0.1.1 | |
| libtasn1 (GNU) | =0.1.2 | |
| libtasn1 (GNU) | =0.2.0 | |
| libtasn1 (GNU) | =0.2.1 | |
| libtasn1 (GNU) | =0.2.2 | |
| libtasn1 (GNU) | =0.2.3 | |
| libtasn1 (GNU) | =0.2.4 | |
| libtasn1 (GNU) | =0.2.5 | |
| libtasn1 (GNU) | =0.2.6 | |
| libtasn1 (GNU) | =0.2.7 | |
| libtasn1 (GNU) | =0.2.8 | |
| libtasn1 (GNU) | =0.2.9 | |
| libtasn1 (GNU) | =0.2.10 | |
| libtasn1 (GNU) | =0.2.11 | |
| libtasn1 (GNU) | =0.2.12 | |
| libtasn1 (GNU) | =0.2.13 | |
| libtasn1 (GNU) | =0.2.14 | |
| libtasn1 (GNU) | =0.2.15 | |
| libtasn1 (GNU) | =0.2.16 | |
| libtasn1 (GNU) | =0.2.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gleg.net/protover_ssl.shtml
- http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
- http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
- http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
- http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2006-0207.html
- http://www.osvdb.org/23054
- http://securitytracker.com/id?1015612
- http://secunia.com/advisories/18794
- http://secunia.com/advisories/18815
- http://secunia.com/advisories/18830
- http://secunia.com/advisories/18832
- http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
- http://www.securityfocus.com/bid/16568
- http://secunia.com/advisories/18918
- http://secunia.com/advisories/18898
- http://www.trustix.org/errata/2006/0008
- http://www.debian.org/security/2006/dsa-986
- http://www.debian.org/security/2006/dsa-985
- http://secunia.com/advisories/19080
- http://secunia.com/advisories/19092
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:039
- http://securityreason.com/securityalert/446
- http://www.vupen.com/english/advisories/2006/0496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
- https://usn.ubuntu.com/251-1/
- http://www.securityfocus.com/archive/1/424538/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0645?
CVE-2006-0645 has been classified as a high severity vulnerability due to its potential to crash systems and execute arbitrary code.
How do I fix CVE-2006-0645?
To mitigate CVE-2006-0645, upgrade the Tiny ASN.1 Library (libtasn1) to version 0.2.18 or later.
What software is affected by CVE-2006-0645?
CVE-2006-0645 affects versions of the Tiny ASN.1 Library (libtasn1) prior to 0.2.18, as well as GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4.
What type of attack does CVE-2006-0645 facilitate?
CVE-2006-0645 can be exploited through invalid input that leads to out-of-bounds access, potentially causing application crashes.
When was CVE-2006-0645 disclosed?
CVE-2006-0645 was disclosed in February 2006, highlighting vulnerabilities in several versions of libtasn1 and GnuTLS.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/free software foundation inc.
- canonical/libtasn1 (gnu)
- version/libtasn1 (gnu)/0.1.0
- version/libtasn1 (gnu)/0.1.1
- version/libtasn1 (gnu)/0.1.2
- version/libtasn1 (gnu)/0.2.0
- version/libtasn1 (gnu)/0.2.1
- version/libtasn1 (gnu)/0.2.2
- version/libtasn1 (gnu)/0.2.3
- version/libtasn1 (gnu)/0.2.4
- version/libtasn1 (gnu)/0.2.5
- version/libtasn1 (gnu)/0.2.6
- version/libtasn1 (gnu)/0.2.7
- version/libtasn1 (gnu)/0.2.8
- version/libtasn1 (gnu)/0.2.9
- version/libtasn1 (gnu)/0.2.10
- version/libtasn1 (gnu)/0.2.11
- version/libtasn1 (gnu)/0.2.12
- version/libtasn1 (gnu)/0.2.13
- version/libtasn1 (gnu)/0.2.14
- version/libtasn1 (gnu)/0.2.15
- version/libtasn1 (gnu)/0.2.16
- version/libtasn1 (gnu)/0.2.17