CVE-2006-2093

Name of the Vulnerable Software and Affected Versions Nessus versions prior to 2.2.8 Nessus versions 3.x prior to 3.0.3

Description The issue allows user-assisted attackers to cause a denial of service via a NASL script that calls the split function with an invalid sep parameter. This could lead to excessive memory consumption. The NASL language is designed to guarantee that a script cannot perform malicious actions, but in this case, the expectation that a split statement will not use excessive memory may not be met.

Recommendations For Nessus versions prior to 2.2.8, update to version 2.2.8 or later. For Nessus versions 3.x prior to 3.0.3, update to version 3.0.3 or later.