Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2006-2937

Published: 28/09/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Openssl

Vulnerability Summary

OpenSSL 0.9.7 prior to 0.9.7l and 0.9.8 prior to 0.9.8d allows remote malicious users to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 0.9.7a

openssl openssl 0.9.7b

openssl openssl 0.9.7i

openssl openssl 0.9.7j

openssl openssl 0.9.7k

openssl openssl 0.9.7e

openssl openssl 0.9.7f

openssl openssl 0.9.8b

openssl openssl 0.9.8c

openssl openssl 0.9.7c

openssl openssl 0.9.7d

openssl openssl 0.9.8

openssl openssl 0.9.8a

openssl openssl 0.9.7

openssl openssl 0.9.7g

openssl openssl 0.9.7h

Vendor Advisories

Debian CVElist Bug Report Logs: Security: OpenSSL Security Advisory [28th September 2006]
Debian Bug report logs - #389940 Security: OpenSSL Security Advisory [28th September 2006] Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: "debian-bts@spamblocknetzgehirnde" <debian-bts@spamb ...
Ubuntu Security Notice: openssl vulnerabilities
Dr Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN1 parser By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory (CVE-2006-2937) ...
Debian Security Advisories: DSA-1185-2 openssl -- denial of service
The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code For reference please find below the original advisory text: Multiple vulnerabi ...

References

CWE-399http://www.openssl.org/news/secadv_20060928.txthttp://www.kb.cert.org/vuls/id/247744http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlhttp://www.debian.org/security/2006/dsa-1185http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.aschttp://www.redhat.com/support/errata/RHSA-2006-0695.htmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946http://www.ubuntu.com/usn/usn-353-1http://www.securityfocus.com/bid/20248http://secunia.com/advisories/22130http://secunia.com/advisories/22094http://secunia.com/advisories/22165http://secunia.com/advisories/22186http://secunia.com/advisories/22193http://secunia.com/advisories/22207http://secunia.com/advisories/22259http://secunia.com/advisories/22260http://kolab.org/security/kolab-vendor-notice-11.txthttp://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlhttp://www.novell.com/linux/security/advisories/2006_58_openssl.htmlhttp://www.trustix.org/errata/2006/0054http://securitytracker.com/id?1016943http://secunia.com/advisories/22166http://secunia.com/advisories/22172http://secunia.com/advisories/22212http://secunia.com/advisories/22240http://secunia.com/advisories/22216http://secunia.com/advisories/22116http://secunia.com/advisories/22220http://openvpn.net/changelog.htmlhttp://www.serv-u.com/releasenotes/http://openbsd.org/errata.html#openssl2http://secunia.com/advisories/22284http://secunia.com/advisories/22330http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmhttp://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdfhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1http://www.novell.com/linux/security/advisories/2006_24_sr.htmlhttp://www.osvdb.org/29260http://secunia.com/advisories/22385http://secunia.com/advisories/22460http://security.gentoo.org/glsa/glsa-200610-11.xmlhttp://secunia.com/advisories/22544http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdfftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://secunia.com/advisories/22626http://secunia.com/advisories/22487http://secunia.com/advisories/22671http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlhttp://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlhttp://secunia.com/advisories/22758http://secunia.com/advisories/22799http://secunia.com/advisories/22772http://secunia.com/advisories/23038http://docs.info.apple.com/article.html?artnum=304829http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://secunia.com/advisories/23155http://www.f-secure.com/security/fsc-2006-6.shtmlhttp://secunia.com/advisories/23131http://secunia.com/advisories/22298http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmhttp://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1http://secunia.com/advisories/23309http://secunia.com/advisories/23280http://secunia.com/advisories/23340http://secunia.com/advisories/23351http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlhttp://secunia.com/advisories/23680http://secunia.com/advisories/23915http://secunia.com/advisories/24950http://secunia.com/advisories/24930http://issues.rpath.com/browse/RPL-613http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:172http://www.mandriva.com/security/advisories?name=MDKSA-2006:177http://www.mandriva.com/security/advisories?name=MDKSA-2006:178http://secunia.com/advisories/25889http://secunia.com/advisories/26329http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlhttp://www.vmware.com/security/advisories/VMSA-2008-0005.htmlhttp://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlhttp://www.vmware.com/support/player/doc/releasenotes_player.htmlhttp://www.vmware.com/support/player2/doc/releasenotes_player2.htmlhttp://www.vmware.com/support/server/doc/releasenotes_server.htmlhttp://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlhttp://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlhttp://www.securityfocus.com/bid/28276ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.aschttp://secunia.com/advisories/30124http://secunia.com/advisories/31531http://support.attachmate.com/techdocs/2374.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://secunia.com/advisories/31492http://www.vupen.com/english/advisories/2007/2315http://www.vupen.com/english/advisories/2006/3860http://www.vupen.com/english/advisories/2006/4019http://www.vupen.com/english/advisories/2006/4264http://www.vupen.com/english/advisories/2006/4417http://www.vupen.com/english/advisories/2007/1401http://www.vupen.com/english/advisories/2006/4750http://www.vupen.com/english/advisories/2006/4329http://www.vupen.com/english/advisories/2006/3936https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144http://www.vupen.com/english/advisories/2006/3902http://www.vupen.com/english/advisories/2006/4401http://www.vupen.com/english/advisories/2006/4761http://www.vupen.com/english/advisories/2006/4327http://www.vupen.com/english/advisories/2006/3820http://www.vupen.com/english/advisories/2006/4980http://www.vupen.com/english/advisories/2007/0343http://www.vupen.com/english/advisories/2006/3869http://www.vupen.com/english/advisories/2008/0905/referenceshttp://www.vupen.com/english/advisories/2006/4036http://www.vupen.com/english/advisories/2008/2396http://www.vupen.com/english/advisories/2007/2783http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100http://marc.info/?l=bugtraq&m=130497311408250&w=2http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771http://marc.info/?l=bind-announce&m=116253119512445&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/29228https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560http://www.securityfocus.com/archive/1/489739/100/0/threadedhttp://www.securityfocus.com/archive/1/456546/100/200/threadedhttp://www.securityfocus.com/archive/1/447393/100/0/threadedhttp://www.securityfocus.com/archive/1/447318/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389940https://usn.ubuntu.com/353-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/247744
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook