7.5

CVE-2006-0645

EPSS 3.72%
Veröffentlicht 10.02.2006 18:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 34

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Free Software Foundation Inc. ≫ Libtasn1 Version0.1.0

Free Software Foundation Inc. ≫ Libtasn1 Version0.1.1

Free Software Foundation Inc. ≫ Libtasn1 Version0.1.2

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.0

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.1

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.2

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.3

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.4

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.5

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.6

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.7

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.8

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.9

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.10

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.11

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.12

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.13

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.14

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.15

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.16

Free Software Foundation Inc. ≫ Libtasn1 Version0.2.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.72%	0.875

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup

http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup

http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html

http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html

http://rhn.redhat.com/errata/RHSA-2006-0207.html

http://secunia.com/advisories/18794

http://secunia.com/advisories/18815

http://secunia.com/advisories/18830

http://secunia.com/advisories/18832

http://secunia.com/advisories/18898

http://secunia.com/advisories/18918

http://secunia.com/advisories/19080

http://secunia.com/advisories/19092

http://securityreason.com/securityalert/446

http://securitytracker.com/id?1015612

http://www.debian.org/security/2006/dsa-985

http://www.debian.org/security/2006/dsa-986

http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml

http://www.gleg.net/protover_ssl.shtml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:039

http://www.osvdb.org/23054

http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html

http://www.securityfocus.com/archive/1/424538/100/0/threaded

http://www.securityfocus.com/bid/16568

http://www.trustix.org/errata/2006/0008

http://www.vupen.com/english/advisories/2006/0496

https://exchange.xforce.ibmcloud.com/vulnerabilities/24606

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540

https://usn.ubuntu.com/251-1/

https://nvd.nist.gov/vuln/detail/CVE-2006-0645

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0645

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0645

EUVD