← Back to CVEs
CVE-2006-0645
N/ADescription
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
CVE Details
CVSS v3.1 ScoreN/A
Published2/10/2006
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
free_software_foundation_inc.:libtasn1
References
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup(secalert@redhat.com)
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup(secalert@redhat.com)
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch(secalert@redhat.com)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html(secalert@redhat.com)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html(secalert@redhat.com)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2006-0207.html(secalert@redhat.com)
http://secunia.com/advisories/18794(secalert@redhat.com)
http://secunia.com/advisories/18815(secalert@redhat.com)
http://secunia.com/advisories/18830(secalert@redhat.com)
http://secunia.com/advisories/18832(secalert@redhat.com)
http://secunia.com/advisories/18898(secalert@redhat.com)
http://secunia.com/advisories/18918(secalert@redhat.com)
http://secunia.com/advisories/19080(secalert@redhat.com)
http://secunia.com/advisories/19092(secalert@redhat.com)
http://securityreason.com/securityalert/446(secalert@redhat.com)
http://securitytracker.com/id?1015612(secalert@redhat.com)
http://www.debian.org/security/2006/dsa-985(secalert@redhat.com)
http://www.debian.org/security/2006/dsa-986(secalert@redhat.com)
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml(secalert@redhat.com)
http://www.gleg.net/protover_ssl.shtml(secalert@redhat.com)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039(secalert@redhat.com)
http://www.osvdb.org/23054(secalert@redhat.com)
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html(secalert@redhat.com)
http://www.securityfocus.com/archive/1/424538/100/0/threaded(secalert@redhat.com)
http://www.securityfocus.com/bid/16568(secalert@redhat.com)
http://www.trustix.org/errata/2006/0008(secalert@redhat.com)
http://www.vupen.com/english/advisories/2006/0496(secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606(secalert@redhat.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540(secalert@redhat.com)
https://usn.ubuntu.com/251-1/(secalert@redhat.com)
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup(af854a3a-2127-422b-91ae-364da2661108)
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup(af854a3a-2127-422b-91ae-364da2661108)
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch(af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2006-0207.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18794(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18815(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18830(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18832(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18898(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18918(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19080(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19092(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/446(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015612(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-985(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-986(af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.gleg.net/protover_ssl.shtml(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/23054(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/424538/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16568(af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2006/0008(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0496(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/251-1/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.