PT-2006-1069 · Openssl+1

Noam Rathaus · Published 2006-09-28 · Updated 2024-06-15 · CVE-2006-4343

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7 before 0.9.7l; OpenSSL versions 0.9.8 before 0.9.8d; OpenSSL earlier versions
Description: The issue allows remote servers to cause a denial of service, potentially leading to a client crash, via unknown vectors that trigger a NULL pointer dereference in the get_server_hello function. Multiple vulnerabilities in the openssl package may lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations: For OpenSSL versions 0.9.7 before 0.9.7l, update to version 0.9.7l or later. For OpenSSL versions 0.9.8 before 0.9.8d, update to version 0.9.8d or later. For earlier OpenSSL versions, update to version 0.9.7l or 0.9.8d, or later.
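
To triage an inventory against the ranges above, the following added example (not part of the advisory or of OpenSSL) parses legacy letter-suffixed version strings and reports whether each falls in a listed range. The function names and sample strings are assumptions constructed here; branches later than 0.9.8 are not listed on this page and are reported as not affected.

```python
import re

# Fixed releases named in the Recommendations above, keyed by release branch.
FIXED = {(0, 9, 7): "l", (0, 9, 8): "d"}
OLDEST_FIXED_BRANCH = min(FIXED)

# Legacy OpenSSL numbering: MAJOR.MINOR.FIX plus an optional patch letter
# ("0.9.7l"); after "z" the letters continue as "za", "zb", ...
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z0-9])")


def parse_version(text):
    """Return ((major, minor, fix), letters) from a version string or from
    `openssl version` output; raise ValueError if none is found."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def is_affected(text):
    """True if the version falls in a range this advisory lists as affected."""
    branch, letters = parse_version(text)
    if branch in FIXED:
        # Plain string comparison orders "" < "a" < ... < "z" < "za".
        return letters < FIXED[branch]
    # Branches before 0.9.7 are the "earlier versions"; later branches
    # are not listed on this page and are reported as not affected.
    return branch < OLDEST_FIXED_BRANCH


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    samples = [
        "0.9.6m",
        "0.9.7k",
        "0.9.7l",
        "OpenSSL 0.9.8c 05 Sep 2006",
        "0.9.8d",
        "0.9.8za",
    ]
    for s in samples:
        print(f"{s:30} {'AFFECTED' if is_affected(s) else 'ok'}")
```

A pre-release or vendor suffix after a hyphen (for example `-fips`) is ignored by the parser, and distribution packages that backport the fix keep the old upstream version string, so confirm those against the vendor advisories listed under Related Identifiers.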

Exploit · Fix · DoS · NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2015-09525
CVE-2006-4343
DSA-1185-2
DSA-1195-1
HPSBUX02174
OPENSUSE-SU-2024:11125-1
OPENSUSE-SU-2024:11126-1
OPENSUSE-SU-2024:11127-1
RHSA-2006:0695
RHSA-2006_0695
RHSA-2008:0264
RHSA-2008:0525
RHSA-2008:0629
SUSE-FU-2022:0445-1

Affected Products

Openssl
Red Hat