漏洞信息(CVE-2006-0645)

一、漏洞 CVE-2006-0645 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在0.2.18之前，使用(1)GnuTLS 1.2.x在1.2.10之前和1.3.x在1.3.4之前，以及(2)GNU Shishi的tiny ASN.1库(libtasn1)，允许攻击者通过由无效输入引起的“越界访问”崩溃DER解码器，并可能执行任意代码，这通过ProtoVer SSL测试套件得到了证明。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

GNUTLS LibTASN1 DER 拒绝服务漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Libtasn1是GNU项目的一个用于开发ASN.1（Abstract Syntax Notation One，用于描述数据的表示、编码、传输、解码的标准）结构管理的C库。 libtASN1的DER解码器中存在拒绝服务漏洞，如果使用了libtASN1库的程序接收处理特制的恶意输入报文的话，可以导致解码器崩溃。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

其他

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2006-0645 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2006-0645 的情报信息

http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch x_refsource_MISC
http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup x_refsource_MISC
http://www.gleg.net/protover_ssl.shtml x_refsource_MISC
http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup x_refsource_CONFIRM
http://securityreason.com/securityalert/446 third-party-advisory x_refsource_SREASON
http://secunia.com/advisories/18815 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/18898 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/19080 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/18832 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/16568 vdb-entry x_refsource_BID
http://secunia.com/advisories/18830 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/19092 third-party-advisory x_refsource_SECUNIA
http://www.osvdb.org/23054 vdb-entry x_refsource_OSVDB
http://secunia.com/advisories/18794 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/18918 third-party-advisory x_refsource_SECUNIA
http://securitytracker.com/id?1015612 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2006/dsa-986 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2006/dsa-985 vendor-advisory x_refsource_DEBIAN
http://www.trustix.org/errata/2006/0008 vendor-advisory x_refsource_TRUSTIX
https://usn.ubuntu.com/251-1/ vendor-advisory x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/0496 vdb-entry x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml vendor-advisory x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 vendor-advisory x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2006-0207.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html vendor-advisory x_refsource_FEDORA
http://www.securityfocus.com/archive/1/424538/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 vdb-entry x_refsource_XF
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html mailing-list x_refsource_MLIST
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html mailing-list x_refsource_MLIST
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2006-0645

一、 漏洞 CVE-2006-0645 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2006-0645 的公开POC

三、漏洞 CVE-2006-0645 的情报信息

一、漏洞 CVE-2006-0645 基础信息