cvelist/2006/0xxx/CVE-2006-0645.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2006-0645",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via \"out-of-bounds access\" caused by invalid input, as demonstrated by the ProtoVer SSL test suite."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "20060209 ProtoVer SSL: GnuTLS",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/424538/100/0/threaded"
         },
         {
            "name" : "http://www.gleg.net/protover_ssl.shtml",
            "refsource" : "MISC",
            "url" : "http://www.gleg.net/protover_ssl.shtml"
         },
         {
            "name" : "http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch",
            "refsource" : "MISC",
            "url" : "http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch"
         },
         {
            "name" : "[gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release",
            "refsource" : "MLIST",
            "url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html"
         },
         {
            "name" : "[gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release",
            "refsource" : "MLIST",
            "url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html"
         },
         {
            "name" : "[gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release",
            "refsource" : "MLIST",
            "url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html"
         },
         {
            "name" : "http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup",
            "refsource" : "MISC",
            "url" : "http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup"
         },
         {
            "name" : "http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup",
            "refsource" : "CONFIRM",
            "url" : "http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup"
         },
         {
            "name" : "DSA-985",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2006/dsa-985"
         },
         {
            "name" : "DSA-986",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2006/dsa-986"
         },
         {
            "name" : "FEDORA-2006-107",
            "refsource" : "FEDORA",
            "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html"
         },
         {
            "name" : "GLSA-200602-08",
            "refsource" : "GENTOO",
            "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml"
         },
         {
            "name" : "MDKSA-2006:039",
            "refsource" : "MANDRIVA",
            "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:039"
         },
         {
            "name" : "RHSA-2006:0207",
            "refsource" : "REDHAT",
            "url" : "http://rhn.redhat.com/errata/RHSA-2006-0207.html"
         },
         {
            "name" : "2006-0008",
            "refsource" : "TRUSTIX",
            "url" : "http://www.trustix.org/errata/2006/0008"
         },
         {
            "name" : "USN-251-1",
            "refsource" : "UBUNTU",
            "url" : "https://usn.ubuntu.com/251-1/"
         },
         {
            "name" : "16568",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/16568"
         },
         {
            "name" : "oval:org.mitre.oval:def:10540",
            "refsource" : "OVAL",
            "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540"
         },
         {
            "name" : "ADV-2006-0496",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2006/0496"
         },
         {
            "name" : "23054",
            "refsource" : "OSVDB",
            "url" : "http://www.osvdb.org/23054"
         },
         {
            "name" : "1015612",
            "refsource" : "SECTRACK",
            "url" : "http://securitytracker.com/id?1015612"
         },
         {
            "name" : "18794",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18794"
         },
         {
            "name" : "18815",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18815"
         },
         {
            "name" : "18830",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18830"
         },
         {
            "name" : "18832",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18832"
         },
         {
            "name" : "18918",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18918"
         },
         {
            "name" : "18898",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/18898"
         },
         {
            "name" : "19080",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/19080"
         },
         {
            "name" : "19092",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/19092"
         },
         {
            "name" : "446",
            "refsource" : "SREASON",
            "url" : "http://securityreason.com/securityalert/446"
         },
         {
            "name" : "gnutls-libtasn1-der-dos(24606)",
            "refsource" : "XF",
            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24606"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2006-0645",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via \"out-of-bounds access\" caused by invalid input, as demonstrated by the ProtoVer SSL test suite."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "20060209 ProtoVer SSL: GnuTLS",`
			`"refsource" : "BUGTRAQ",`
- Synchronized data. 2018-10-19 11:05:17 -04:00			`"url" : "http://www.securityfocus.com/archive/1/424538/100/0/threaded"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://www.gleg.net/protover_ssl.shtml",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.gleg.net/protover_ssl.shtml"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-985",`
			`"refsource" : "DEBIAN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.debian.org/security/2006/dsa-985"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-986",`
			`"refsource" : "DEBIAN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.debian.org/security/2006/dsa-986"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2006-107",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "GLSA-200602-08",`
			`"refsource" : "GENTOO",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "MDKSA-2006:039",`
			`"refsource" : "MANDRIVA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:039"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2006:0207",`
			`"refsource" : "REDHAT",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://rhn.redhat.com/errata/RHSA-2006-0207.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "2006-0008",`
			`"refsource" : "TRUSTIX",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.trustix.org/errata/2006/0008"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "USN-251-1",`
			`"refsource" : "UBUNTU",`
- Synchronized data. 2018-10-03 17:05:39 -04:00			`"url" : "https://usn.ubuntu.com/251-1/"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "16568",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/16568"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "oval:org.mitre.oval:def:10540",`
			`"refsource" : "OVAL",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "ADV-2006-0496",`
			`"refsource" : "VUPEN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.vupen.com/english/advisories/2006/0496"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "23054",`
			`"refsource" : "OSVDB",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.osvdb.org/23054"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "1015612",`
			`"refsource" : "SECTRACK",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://securitytracker.com/id?1015612"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18794",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18794"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18815",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18815"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18830",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18830"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18832",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18832"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18918",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18918"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "18898",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/18898"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "19080",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/19080"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "19092",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/19092"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "446",`
			`"refsource" : "SREASON",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://securityreason.com/securityalert/446"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "gnutls-libtasn1-der-dos(24606)",`
			`"refsource" : "XF",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24606"`
			`}`
			`]`
			`}`
			`}`