CVE-2006-4790

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 14 Sept 2006, 19:00
Last modified:07 Aug 2024, 19:23

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
5.17% LOW
5% probability +2.13%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Sept 2006, 19:00
Published
Vulnerability first disclosed
07 Aug 2024, 19:23
Last Modified
Vulnerability information updated

Description

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 5.17% Percentile: 90%

Affected Systems

  • gnugnutls

    1.0.17 | 1.0.18 | 1.0.19 | 1.0.20 | 1.0.21 | 1.0.22 | 1.0.23 | 1.0.24 | 1.0.25 | 1.1.14 | 1.1.15 | 1.1.16 | 1.1.17 | 1.1.18 | 1.1.19 | 1.1.20 | 1.1.21 | 1.1.22 | 1.1.23 | 1.2.0 | 1.2.1 | 1.2.2 | 1.2.3 | 1.2.4 | 1.2.5 | 1.2.6 | 1.2.7 | 1.2.8 | 1.2.8.1a1 | 1.2.9 | 1.2.10 | 1.2.11 | 1.3.0 | 1.3.1 | 1.3.2 | 1.3.3 | 1.3.4 | 1.3.5 | 1.4.0 | 1.4.1

References (30)