ID CVE-2006-3894
Summary The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
References
Vulnerable Configurations
  • cpe:2.3:a:rsa:bsafe_cert-c:-:*:*:*:*:*:*:*
  • cpe:2.3:a:rsa:bsafe_cert-c:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rsa:bsafe_crypto-c:-:*:*:*:*:*:*:*
  • cpe:2.3:a:rsa:bsafe_crypto-c:6.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2009-12-21T04:00:39.821-05:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Thomas R. Jones
    organization Maitreya Security
description The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
family ios
id oval:org.mitre.oval:def:5778
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title RSA BSAFE Cyrpt-C and Cert-C Libraries ASN.1 Object Parsing DoS Vulnerability
version 4
refmap via4
bid 24104
cert-vn VU#754281
cisco 20070522 Vulnerability In Crypto Library
confirm
osvdb 35338
sectrack 1018095
secunia
  • 25343
  • 25364
  • 25399
vupen
  • ADV-2007-1908
  • ADV-2007-1909
  • ADV-2007-1945
xf multiple-crypto-asn1-dos(34430)
Last major update 11-10-2017 - 01:31
Published 22-05-2007 - 19:30
Last modified 11-10-2017 - 01:31