CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Affected Software

Name	Vendor	Start Version	End Version
Gnutls	Gnu	1.0.17 (including)	1.0.17 (including)
Gnutls	Gnu	1.0.18 (including)	1.0.18 (including)
Gnutls	Gnu	1.0.19 (including)	1.0.19 (including)
Gnutls	Gnu	1.0.20 (including)	1.0.20 (including)
Gnutls	Gnu	1.0.21 (including)	1.0.21 (including)
Gnutls	Gnu	1.0.22 (including)	1.0.22 (including)
Gnutls	Gnu	1.0.23 (including)	1.0.23 (including)
Gnutls	Gnu	1.0.24 (including)	1.0.24 (including)
Gnutls	Gnu	1.0.25 (including)	1.0.25 (including)
Gnutls	Gnu	1.1.14 (including)	1.1.14 (including)
Gnutls	Gnu	1.1.15 (including)	1.1.15 (including)
Gnutls	Gnu	1.1.16 (including)	1.1.16 (including)
Gnutls	Gnu	1.1.17 (including)	1.1.17 (including)
Gnutls	Gnu	1.1.18 (including)	1.1.18 (including)
Gnutls	Gnu	1.1.19 (including)	1.1.19 (including)
Gnutls	Gnu	1.1.20 (including)	1.1.20 (including)
Gnutls	Gnu	1.1.21 (including)	1.1.21 (including)
Gnutls	Gnu	1.1.22 (including)	1.1.22 (including)
Gnutls	Gnu	1.1.23 (including)	1.1.23 (including)
Gnutls	Gnu	1.2.0 (including)	1.2.0 (including)
Gnutls	Gnu	1.2.1 (including)	1.2.1 (including)
Gnutls	Gnu	1.2.2 (including)	1.2.2 (including)
Gnutls	Gnu	1.2.3 (including)	1.2.3 (including)
Gnutls	Gnu	1.2.4 (including)	1.2.4 (including)
Gnutls	Gnu	1.2.5 (including)	1.2.5 (including)
Gnutls	Gnu	1.2.6 (including)	1.2.6 (including)
Gnutls	Gnu	1.2.7 (including)	1.2.7 (including)
Gnutls	Gnu	1.2.8 (including)	1.2.8 (including)
Gnutls	Gnu	1.2.8.1a1 (including)	1.2.8.1a1 (including)
Gnutls	Gnu	1.2.9 (including)	1.2.9 (including)
Gnutls	Gnu	1.2.10 (including)	1.2.10 (including)
Gnutls	Gnu	1.2.11 (including)	1.2.11 (including)
Gnutls	Gnu	1.3.0 (including)	1.3.0 (including)
Gnutls	Gnu	1.3.1 (including)	1.3.1 (including)
Gnutls	Gnu	1.3.2 (including)	1.3.2 (including)
Gnutls	Gnu	1.3.3 (including)	1.3.3 (including)
Gnutls	Gnu	1.3.4 (including)	1.3.4 (including)
Gnutls	Gnu	1.3.5 (including)	1.3.5 (including)
Gnutls	Gnu	1.4.0 (including)	1.4.0 (including)
Gnutls	Gnu	1.4.1 (including)	1.4.1 (including)
Red Hat Enterprise Linux 4	RedHat	gnutls-0:1.0.20-3.2.3	*
Gnutls11	Ubuntu	dapper	*
Gnutls12	Ubuntu	dapper	*
Gnutls12	Ubuntu	edgy	*
Gnutls13	Ubuntu	devel	*
Gnutls13	Ubuntu	edgy	*
Gnutls13	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4790
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References