CVE ID:	CVE-2006-0645
Description:	Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
Test IDs:	1.3.6.1.4.1.25623.1.0.56334   1.3.6.1.4.1.25623.1.0.56300   1.3.6.1.4.1.25623.1.0.56347   1.3.6.1.4.1.25623.1.0.56247   1.3.6.1.4.1.25623.1.0.65506   1.3.6.1.4.1.25623.1.0.56596   1.3.6.1.4.1.25623.1.0.56358   1.3.6.1.4.1.25623.1.0.62616   1.3.6.1.4.1.25623.1.0.56327   1.3.6.1.4.1.25623.1.0.56359   1.3.6.1.4.1.25623.1.0.56249
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0645 1015612 http://securitytracker.com/id?1015612 16568 http://www.securityfocus.com/bid/16568 18794 http://secunia.com/advisories/18794 18815 http://secunia.com/advisories/18815 18830 http://secunia.com/advisories/18830 18832 http://secunia.com/advisories/18832 18898 http://secunia.com/advisories/18898 18918 http://secunia.com/advisories/18918 19080 http://secunia.com/advisories/19080 19092 http://secunia.com/advisories/19092 2006-0008 http://www.trustix.org/errata/2006/0008 20060209 ProtoVer SSL: GnuTLS http://www.securityfocus.com/archive/1/424538/100/0/threaded 23054 http://www.osvdb.org/23054 446 http://securityreason.com/securityalert/446 ADV-2006-0496 http://www.vupen.com/english/advisories/2006/0496 DSA-985 http://www.debian.org/security/2006/dsa-985 DSA-986 http://www.debian.org/security/2006/dsa-986 FEDORA-2006-107 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html GLSA-200602-08 http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml MDKSA-2006:039 http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 RHSA-2006:0207 http://rhn.redhat.com/errata/RHSA-2006-0207.html USN-251-1 https://usn.ubuntu.com/251-1/ [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html gnutls-libtasn1-der-dos(24606) https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://www.gleg.net/protover_ssl.shtml http://www.gleg.net/protover_ssl.shtml oval:org.mitre.oval:def:10540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540