Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2006-3738

Published: 28/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Openssl

Vulnerability Summary

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 prior to 0.9.7l, 0.9.8 prior to 0.9.8d, and previous versions versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 0.9.7

openssl openssl 0.9.7g

openssl openssl 0.9.7h

openssl openssl 0.9.8c

openssl openssl 0.9.7a

openssl openssl 0.9.7b

openssl openssl 0.9.7i

openssl openssl 0.9.7j

openssl openssl 0.9.7e

openssl openssl 0.9.7f

openssl openssl 0.9.8a

openssl openssl 0.9.8b

openssl openssl 0.9.7c

openssl openssl 0.9.7d

openssl openssl 0.9.7k

openssl openssl 0.9.8

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
Dr Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN1 parser By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory (CVE-2006-2937) ...
Debian CVElist Bug Report Logs: Security: OpenSSL Security Advisory [28th September 2006]
Debian Bug report logs - #389940 Security: OpenSSL Security Advisory [28th September 2006] Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: "debian-bts@spamblocknetzgehirnde" <debian-bts@spamb ...
Debian CVElist Bug Report Logs: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()
Debian Bug report logs - #444435 openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers() Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: abe@physethzch (Axel Beckert) Date: F ...
Debian Security Advisories: DSA-1195-1 openssl096 -- denial of service (multiple)
Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overfl ...
Debian Security Advisories: DSA-1185-2 openssl -- denial of service
The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code For reference please find below the original advisory text: Multiple vulnerabi ...

References

CWE-119http://www.openssl.org/news/secadv_20060928.txthttp://www.kb.cert.org/vuls/id/547300http://www.securityfocus.com/bid/20249http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlhttp://www.debian.org/security/2006/dsa-1185http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.aschttp://www.redhat.com/support/errata/RHSA-2006-0695.htmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946http://www.ubuntu.com/usn/usn-353-1http://secunia.com/advisories/22130http://secunia.com/advisories/22094http://secunia.com/advisories/22165http://secunia.com/advisories/22186http://secunia.com/advisories/22193http://secunia.com/advisories/22207http://secunia.com/advisories/22259http://secunia.com/advisories/22260http://kolab.org/security/kolab-vendor-notice-11.txthttp://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlhttp://www.novell.com/linux/security/advisories/2006_58_openssl.htmlhttp://www.trustix.org/errata/2006/0054http://securitytracker.com/id?1016943http://secunia.com/advisories/22166http://secunia.com/advisories/22172http://secunia.com/advisories/22212http://secunia.com/advisories/22240http://secunia.com/advisories/22216http://secunia.com/advisories/22116http://secunia.com/advisories/22220http://openvpn.net/changelog.htmlhttp://openbsd.org/errata.html#openssl2http://secunia.com/advisories/22284http://secunia.com/advisories/22330http://www.debian.org/security/2006/dsa-1195http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1http://www.novell.com/linux/security/advisories/2006_24_sr.htmlhttp://www.osvdb.org/29262http://secunia.com/advisories/22385http://secunia.com/advisories/22460http://security.gentoo.org/glsa/glsa-200610-11.xmlhttp://secunia.com/advisories/22500http://secunia.com/advisories/22544ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://secunia.com/advisories/22626http://secunia.com/advisories/22633http://secunia.com/advisories/22654http://secunia.com/advisories/22487http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlhttp://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1http://secunia.com/advisories/22758http://secunia.com/advisories/22799http://secunia.com/advisories/22791http://secunia.com/advisories/22772http://secunia.com/advisories/23038http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://secunia.com/advisories/23155http://secunia.com/advisories/22298http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmhttp://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlhttp://secunia.com/advisories/23309http://secunia.com/advisories/23280http://secunia.com/advisories/23340http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlhttp://secunia.com/advisories/23680http://secunia.com/advisories/23794http://securitytracker.com/id?1017522http://secunia.com/advisories/23915http://secunia.com/advisories/24950http://secunia.com/advisories/24930http://issues.rpath.com/browse/RPL-613http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:172http://www.mandriva.com/security/advisories?name=MDKSA-2006:177http://www.mandriva.com/security/advisories?name=MDKSA-2006:178http://www.securityfocus.com/bid/22083http://secunia.com/advisories/25889http://secunia.com/advisories/26329http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.aschttp://secunia.com/advisories/30124http://secunia.com/advisories/30161http://secunia.com/advisories/31492http://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://www.vupen.com/english/advisories/2007/2315http://www.vupen.com/english/advisories/2006/3860http://www.vupen.com/english/advisories/2006/4314http://www.vupen.com/english/advisories/2006/4264http://www.vupen.com/english/advisories/2006/4417http://www.vupen.com/english/advisories/2007/1401http://www.vupen.com/english/advisories/2006/4750http://www.vupen.com/english/advisories/2006/3936https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144http://www.vupen.com/english/advisories/2006/3902http://www.vupen.com/english/advisories/2006/4401http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771http://www.vupen.com/english/advisories/2006/3820http://www.vupen.com/english/advisories/2007/0343http://www.vupen.com/english/advisories/2006/3869http://www.vupen.com/english/advisories/2006/4036http://www.vupen.com/english/advisories/2007/2783http://www.vupen.com/english/advisories/2006/4443http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100http://marc.info/?l=bugtraq&m=130497311408250&w=2http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlhttp://www.serv-u.com/releasenotes/http://docs.info.apple.com/article.html?artnum=304829http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmhttps://exchange.xforce.ibmcloud.com/vulnerabilities/29237https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256http://www.securityfocus.com/archive/1/470460/100/0/threadedhttp://www.securityfocus.com/archive/1/456546/100/200/threadedhttp://www.securityfocus.com/archive/1/447393/100/0/threadedhttp://www.securityfocus.com/archive/1/447318/100/0/threadedhttps://usn.ubuntu.com/353-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/547300
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook