CVE-2006-4790

2006-09-1419:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

gnutls

vulnerability

rsa key

cve-2006-4790

nvd

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.063 Low

EPSS

Percentile

93.6%

JSON

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

CPENameOperatorVersion
gnu:gnutlsgnu gnutlseq1.2.8
gnu:gnutlsgnu gnutlseq1.1.14
gnu:gnutlsgnu gnutlseq1.4.1
gnu:gnutlsgnu gnutlseq1.2.11
gnu:gnutlsgnu gnutlseq1.1.21
gnu:gnutlsgnu gnutlseq1.0.20
gnu:gnutlsgnu gnutlseq1.2.5
gnu:gnutlsgnu gnutlseq1.0.17
gnu:gnutlsgnu gnutlseq1.2.4
gnu:gnutlsgnu gnutlseq1.3.1

CPE	Name	Operator	Version
gnu:gnutls	gnu gnutls	eq	1.2.8
gnu:gnutls	gnu gnutls	eq	1.1.14
gnu:gnutls	gnu gnutls	eq	1.4.1
gnu:gnutls	gnu gnutls	eq	1.2.11
gnu:gnutls	gnu gnutls	eq	1.1.21
gnu:gnutls	gnu gnutls	eq	1.0.20
gnu:gnutls	gnu gnutls	eq	1.2.5
gnu:gnutls	gnu gnutls	eq	1.0.17
gnu:gnutls	gnu gnutls	eq	1.2.4
gnu:gnutls	gnu gnutls	eq	1.3.1