PT-2006-1068 · Openssl+2 · Openssl+2

Dr. S. N. Henson

Published

2006-09-28

Updated

2024-06-15

CVE-2006-2937

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7 through 0.9.7l OpenSSL versions 0.9.8 through 0.9.8d

Description: The issue is related to an error in processing malformed ASN.1 structures, which may lead to an infinite loop and consumption of memory, resulting in a denial of service. This can be triggered remotely, potentially affecting the availability of the service. Multiple vulnerabilities in the OpenSSL package may also lead to violations of confidentiality, integrity, and availability of protected information.

Recommendations: For OpenSSL versions 0.9.7 through 0.9.7l, update to version 0.9.7l or later. For OpenSSL versions 0.9.8 through 0.9.8d, update to version 0.9.8d or later. As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-09525

CVE-2006-2937

DSA-1185-2

HPSBUX02174

OPENSUSE-SU-2024:11125-1

OPENSUSE-SU-2024:11126-1

OPENSUSE-SU-2024:11127-1

RHSA-2006:0695

RHSA-2006_0695

RHSA-2008:0264

RHSA-2008:0525

RHSA-2008:0629

SUSE-FU-2022:0445-1

Affected Products

Hp-Ux

Openssl

Red Hat

PT-2006-1068 · Openssl+2 · Openssl+2

CVE-2006-2937

Weakness Enumeration

Related Identifiers

Affected Products

References · 319