CVE-2006-7239
Vulnerability from cvelistv5
Published
2010-05-24 19:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "[gnutls-dev] 20060812 GnuTLS 1.4.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html"
},
{
"name": "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-24T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "[gnutls-dev] 20060812 GnuTLS 1.4.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html"
},
{
"name": "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-7239",
"datePublished": "2010-05-24T19:00:00Z",
"dateReserved": "2010-05-24T00:00:00Z",
"dateUpdated": "2024-08-07T20:57:41.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2006-7239\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-05-24T19:30:01.270\",\"lastModified\":\"2024-11-21T00:24:42.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n _gnutls_x509_oid2mac_algorithm en lib/gnutls_algorithms.c de GnuTLS anterior a v1.4.2. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un certificado X.509 manipulado que utiliza un algoritmo hash no soportado por GnuTLS, lo que provoca una deferencia a puntero nulo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.1\",\"matchCriteriaId\":\"ABCDA0A7-FF39-42BC-977D-52EDDBF7B473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8856E1B1-8007-42E5-82EF-4700D4DEEDDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9CF40D3-CE03-4C2A-8EEF-EB5989291806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC60D4CC-922C-4941-A400-0CBEAC7F31D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A0D19-A17A-4007-8355-497D14CFCBF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8140DBE1-8116-4051-9A57-07535586E0AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1CC840D-AD01-4EE2-8652-06742A6286BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84224A82-6D58-4000-A449-20C1632DAE85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A466931C-769A-4A28-B072-10930CE655E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEE50AC-8730-4F04-B57C-6BDF8B957F6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F621DC-7967-4D97-A562-02E7033C89C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"776E5481-399F-45BC-AD20-A18508B03916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D7F972-9128-4A4D-8508-B38CE2F155E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D56873-E8C5-4E4B-BB85-6DCF6526B453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54FE4766-32D0-491E-8C71-5B998C468142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F980857-2364-466A-8366-BD017D242222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2E649D-5C45-4412-927B-E3EDCE07587C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"066175C2-6E96-4BAE-B1A6-B23D25547FAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"869D3010-67AE-44D0-BB8F-D9C410AEA1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"052B40C1-C29B-4189-9A45-DAE873AB716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F71E61-7455-4E10-B9D8-2B7FDDFB10F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B588AAE0-8C3F-47C7-812F-8C97BD8795E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB9154B-4254-4F33-8DB2-5B96E2DA4931\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2EA79D1-2EA8-4040-A5B5-C93EE937945A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D05BC3-1315-4AC7-884D-41459272C94B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2901E522-6F54-4FA5-BF22-463A9D6B53D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738F29DA-9741-4BA5-B370-417443A3AC2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52173492-1031-4AA4-A600-6210581059D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB636C36-2884-4F66-B68A-4494AEAF90C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC4231BD-201D-4B10-9E35-B9EEFC714F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9200C3-0F46-4238-918B-38D95BF11547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"024A9511-7CB4-4681-8429-0FE7FC34DF1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34CEF5ED-87A5-44B2-8A4A-9896957C057B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B84A4F5-CED7-4633-913F-BE8235F68616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97564ABD-F9CE-4B3C-978A-1622DE3E4924\"}]}]}],\"references\":[{\"url\":\"http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.gnu.org/software/gnutls/security.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.gnu.org/software/gnutls/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.