CVE-2006-0645

Name: CVE-2006-0645
Description: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-985-1, DSA-986-1
Debian Bugs: 352182, 365234

The information below is based on the following data on fixed versions.

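| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnutls11 | source | sarge | 1.0.16-13.2 | | DSA-986-1 | |
| gnutls11 | source | (unstable) | (unfixed) | | | |
| gnutls12 | source | (unstable) | 1.2.11-1 | | | |
| gnutls13 | source | (unstable) | 1.3.5-1 | | | |
| libtasn1-2 | source | sarge | 0.2.10-3sarge1 | | DSA-985-1 | |
| libtasn1-2 | source | (unstable) | (unfixed) | | | 352182, 365234 |
| libtasn1-3 | source | (unstable) | 0.3.4-1 | | | |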

Notes

upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
