CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.1 High
Confidence: Low

EPSS: 0.03 Low
Percentile: 91.0%

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via “out-of-bounds access” caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup
josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup
josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html
lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html
rhn.redhat.com/errata/RHSA-2006-0207.html
secunia.com/advisories/18794
secunia.com/advisories/18815
secunia.com/advisories/18830
secunia.com/advisories/18832
secunia.com/advisories/18898
secunia.com/advisories/18918
secunia.com/advisories/19080
secunia.com/advisories/19092
securityreason.com/securityalert/446
securitytracker.com/id?1015612
www.debian.org/security/2006/dsa-985
www.debian.org/security/2006/dsa-986
www.gentoo.org/security/en/glsa/glsa-200602-08.xml
www.gleg.net/protover_ssl.shtml
www.mandriva.com/security/advisories?name=MDKSA-2006:039
www.osvdb.org/23054
www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html
www.securityfocus.com/archive/1/424538/100/0/threaded
www.securityfocus.com/bid/16568
www.trustix.org/errata/2006/0008
www.vupen.com/english/advisories/2006/0496
exchange.xforce.ibmcloud.com/vulnerabilities/24606
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
usn.ubuntu.com/251-1/