PT-2006-7556 · Gnu+1 · Gnutls+2
Evgeny Legerov · Published 1970-01-01 · Updated 2018-10-19 · CVE-2006-0645
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GnuTLS versions 1.2.x through 1.2.9
GnuTLS versions 1.3.x through 1.3.3
Tiny ASN.1 Library (libtasn1) versions 0.2.17 and earlier
Description
The issue allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input. The vulnerability can be exploited remotely and can compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For GnuTLS versions 1.2.x through 1.2.9, update to version 1.2.10 or later.
For GnuTLS versions 1.3.x through 1.3.3, update to version 1.3.4 or later.
For Tiny ASN.1 Library (libtasn1) versions 0.2.17 and earlier, update to version 0.2.18 or later.
Affected Products
GnuTLS
Red Hat
Tiny ASN.1 Library