CVE-2006-0645

Name: CVE-2006-0645
Description: Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-985-1, DSA-986-1
NVD severity: high (attack range: remote)
Debian Bugs: 352182, 365234

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libtasn1-3 (PTS) | wheezy | 2.13-2+deb7u2 | fixed |
| libtasn1-3 | wheezy (security) | 2.13-2+deb7u5 | fixed |

The information below is based on the following data on fixed versions.

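| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnutls11 | source | (unstable) | (unfixed) | high | | |
| gnutls11 | source | sarge | 1.0.16-13.2 | high | DSA-986-1 | |
| gnutls12 | source | (unstable) | 1.2.11-1 | high | | |
| gnutls13 | source | (unstable) | 1.3.5-1 | high | | |
| libtasn1-2 | source | (unstable) | (unfixed) | high | | 352182, 365234 |
| libtasn1-2 | source | sarge | 0.2.10-3sarge1 | high | DSA-985-1 | |
| libtasn1-3 | source | (unstable) | 0.3.4-1 | high | | |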

Notes

upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
