← volver
CVE-2006-4790

CVE-2006-4790

EPSS 2.4%
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.htmlhttp://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.htmlhttp://secunia.com/advisories/21937http://secunia.com/advisories/21942http://secunia.com/advisories/21973http://secunia.com/advisories/22049http://secunia.com/advisories/22080http://secunia.com/advisories/22084http://secunia.com/advisories/22097http://secunia.com/advisories/22226http://secunia.com/advisories/22992http://secunia.com/advisories/25762