Home > Vulnerability Database > CVE-2006-0645

Mend.io Vulnerability Database

CVE-2006-0645

Date: February 10, 2006

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

Severity Score

7.3

Related Resources (34)

Url: http://www.debian.org/security/2006/dsa-986

Url: http://www.debian.org/security/2006/dsa-985

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24606

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540

Url: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html

Url: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

Url: http://secunia.com/advisories/18794

Url: http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup

Url: http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-0645

Url: http://secunia.com/advisories/19080

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:039

Url: http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html

Url: https://usn.ubuntu.com/251-1/

Url: http://securityreason.com/securityalert/446

Url: http://secunia.com/advisories/18918

Url: http://www.vupen.com/english/advisories/2006/0496

Url: http://secunia.com/advisories/18815

Url: http://secunia.com/advisories/18832

Url: http://secunia.com/advisories/18898

Url: http://rhn.redhat.com/errata/RHSA-2006-0207.html

Url: http://secunia.com/advisories/18830

Url: http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml

Url: http://securitytracker.com/id?1015612

Url: http://www.gleg.net/protover_ssl.shtml

Url: http://www.securityfocus.com/archive/1/424538/100/0/threaded

Url: http://www.osvdb.org/23054

Url: http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup

Url: http://www.trustix.org/errata/2006/0008

Url: http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0645

Url: http://secunia.com/advisories/19092

Url: http://www.securityfocus.com/bid/16568

Url: https://www.mend.io/vulnerability-database/CVE-2006-0645

Severity Score

7.3

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-0645

Date: February 10, 2006

Severity Score

Related Resources (34)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?