// For flags

CVE-2006-0645

- libtasn1 buffer overflow

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-02-10 CVE Reserved
  • 2006-02-10 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (33)
URL Tag Source
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup X_refsource_misc
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup X_refsource_confirm
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch X_refsource_misc
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html Mailing List
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html Mailing List
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html Mailing List
http://secunia.com/advisories/18794 Third Party Advisory
http://secunia.com/advisories/18815 Third Party Advisory
http://secunia.com/advisories/18830 Third Party Advisory
http://secunia.com/advisories/18832 Third Party Advisory
http://secunia.com/advisories/18898 Third Party Advisory
http://secunia.com/advisories/18918 Third Party Advisory
http://secunia.com/advisories/19080 Third Party Advisory
http://secunia.com/advisories/19092 Third Party Advisory
http://securityreason.com/securityalert/446 Third Party Advisory
http://securitytracker.com/id?1015612 Vdb Entry
http://www.gleg.net/protover_ssl.shtml X_refsource_misc
http://www.osvdb.org/23054 Vdb Entry
http://www.securityfocus.com/archive/1/424538/100/0/threaded Mailing List
http://www.securityfocus.com/bid/16568 Vdb Entry
http://www.vupen.com/english/advisories/2006/0496 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540 Signature
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.1.0
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.1.0"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.1.1
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.1.1"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.1.2
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.1.2"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.0
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.0"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.1
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.1"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.2
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.2"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.3
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.3"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.4
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.4"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.5
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.5"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.6
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.6"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.7
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.7"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.8
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.8"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.9
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.9"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.10
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.10"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.11
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.11"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.12
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.12"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.13
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.13"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.14
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.14"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.15
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.15"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.16
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.16"
-
Affected
Free Software Foundation Inc.
Search vendor "Free Software Foundation Inc."
Libtasn1
Search vendor "Free Software Foundation Inc." for product "Libtasn1"
0.2.17
Search vendor "Free Software Foundation Inc." for product "Libtasn1" and version "0.2.17"
-
Affected