CVE-2006-0645

Name: CVE-2006-0645
Description: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-985-1, DSA-986-1
NVD severity: high
Debian Bugs: 352182, 365234

The information below is based on the following data on fixed versions.

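| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnutls11 | source | (unstable) | (unfixed) | | | |
| gnutls11 | source | sarge | 1.0.16-13.2 | | DSA-986-1 | |
| gnutls12 | source | (unstable) | 1.2.11-1 | | | |
| gnutls13 | source | (unstable) | 1.3.5-1 | | | |
| libtasn1-2 | source | (unstable) | (unfixed) | | | 352182, 365234 |
| libtasn1-2 | source | sarge | 0.2.10-3sarge1 | | DSA-985-1 | |
| libtasn1-3 | source | (unstable) | 0.3.4-1 | | | |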

Notes

upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
