CVE-2006-2937

Severity

78%

Complexity

99%

Confidentiality

115%

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

OpenSSL Project OpenSSL

First reported 18 years ago

2006-09-28 18:07:00

Last updated 6 years ago

2018-10-18 16:43:00

Affected Software

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

OpenSSL Project OpenSSL 0.9.7b

0.9.7b

OpenSSL Project OpenSSL 0.9.7c

0.9.7c

OpenSSL Project OpenSSL 0.9.7d

0.9.7d

OpenSSL Project OpenSSL 0.9.7e

0.9.7e

OpenSSL Project OpenSSL 0.9.7f

0.9.7f

OpenSSL Project OpenSSL 0.9.7g

0.9.7g

OpenSSL Project OpenSSL 0.9.7h

0.9.7h

OpenSSL Project OpenSSL 0.9.7i

0.9.7i

OpenSSL Project OpenSSL 0.9.7j

0.9.7j

OpenSSL Project OpenSSL 0.9.7k

0.9.7k

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

OpenSSL Project OpenSSL 0.9.8c

0.9.8c

References

NetBSD-SA2008-007

20061001-01-P

http://docs.info.apple.com/article.html?artnum=304829

HPSBMA02250

http://issues.rpath.com/browse/RPL-613

HPSBUX02174

SSRT071299

http://kolab.org/security/kolab-vendor-notice-11.txt

Patch

APPLE-SA-2006-11-28

20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released

Patch

[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]

SSRT090208

[3.9] 20061007 013: SECURITY FIX: October 7, 2006

Patch

http://openvpn.net/changelog.html

Patch

22094

Patch, Vendor Advisory

22116

Patch, Vendor Advisory

22130

Patch, Vendor Advisory

22165

Patch, Vendor Advisory

22166

Patch, Vendor Advisory

22172

Patch, Vendor Advisory

22186

Patch, Vendor Advisory

22193

Patch, Vendor Advisory

22207

Patch, Vendor Advisory

22212

Patch, Vendor Advisory

22216

Patch, Vendor Advisory

22220

Patch, Vendor Advisory

22240

Patch, Vendor Advisory

22259

Patch, Vendor Advisory

22260

Patch, Vendor Advisory

22284

Patch, Vendor Advisory

22298

22330

Patch, Vendor Advisory

22385

Vendor Advisory

22460

Vendor Advisory

22487

Vendor Advisory

22544

Vendor Advisory

22626

Vendor Advisory

22671

Vendor Advisory

22758

22772

22799

23038

23131

23155

23280

23309

23340

23351

23680

23915

24930

24950

25889

26329

30124

31492

31531

FreeBSD-SA-06:23.openssl

Patch, Vendor Advisory

GLSA-200610-11

1016943

Patch

SSA:2006-272-01

Patch

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

102668

Patch

102747

200585

201534

http://support.attachmate.com/techdocs/2374.html

http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm

Patch

http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf

Patch, Vendor Advisory

http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf

20061108 Multiple Vulnerabilities in OpenSSL Library

20061108 Multiple Vulnerabilities in OpenSSL library

DSA-1185

Patch

http://www.f-secure.com/security/fsc-2006-6.shtml

GLSA-200612-11

VU#247744

Patch, US Government Resource

MDKSA-2006:172

MDKSA-2006:177

MDKSA-2006:178

SUSE-SR:2006:024

Patch, Vendor Advisory

SUSE-SA:2006:058

Patch, Vendor Advisory

OpenPKG-SA-2006.021

Patch, Vendor Advisory

http://www.openssl.org/news/secadv_20060928.txt

Patch, Vendor Advisory

29260

RHSA-2006:0695

Patch

RHSA-2008:0629

20060928 rPSA-2006-0175-1 openssl openssl-scripts

20060929 rPSA-2006-0175-2 openssl openssl-scripts

20070110 VMware ESX server security updates

20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

20248

Patch

28276

http://www.serv-u.com/releasenotes/

Patch

2006-0054

Patch

USN-353-1

Patch, Vendor Advisory

TA06-333A

US Government Resource

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

ADV-2006-3820

ADV-2006-3860

ADV-2006-3869

ADV-2006-3902

ADV-2006-3936

ADV-2006-4019

ADV-2006-4036

ADV-2006-4264

ADV-2006-4327

ADV-2006-4329

ADV-2006-4401

ADV-2006-4417

ADV-2006-4750

ADV-2006-4761

ADV-2006-4980

ADV-2007-0343

ADV-2007-1401

ADV-2007-2315

ADV-2007-2783

ADV-2008-0905

ADV-2008-2396

http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

openssl-asn1-error-dos(29228)

oval:org.mitre.oval:def:10560

SSRT071304

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.