CVE-2006-0645

Publication date 10 February 2006

Last updated 17 July 2025

Ubuntu priority

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libtasn1-2	7.04 feisty	Not in release
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 0.2.17-1ubuntu1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-251-1
libtasn vulnerability
17 February 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-0645