7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.146 Low
EPSS
Percentile
95.7%
A vulnerability in OpenSSL may allow an attacker to create a denial-of-service condition.
OpenSSL is an Open Source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.
When parsing certain invalid ASN.1 structures, OpenSSL may mishandle an error condition, resulting in an infinite loop. By triggering the infinite loop, an attacker may be able to create a denial-of-service condition.
A remote, unauthenticated attacker may be able create a denial-of-service condition.
See the systems affected section of this document for information about specific vendors. Users who compile OpenSSL from source are encouraged to apply the updates listed in OpenSSL Security Advisory 20060928.
247744
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 04, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00279.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23247744 Feedback>).
Updated: September 29, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See FreeBSD Project Security Advisory <http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23247744 Feedback>).
Updated: September 28, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.openssl.org/news/secadv_20060928.txt> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23247744 Feedback>).
Updated: September 29, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://rhn.redhat.com/errata/RHSA-2006-0695.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23247744 Feedback>).
Updated: September 28, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.ubuntu.com/usn/usn-353-1> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23247744 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by the OpenSSL development team in OpenSSL Security Advisory 20060928. The OpenSSL team, in turn, acknowledge Dr. S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project that lead to the discovery of this issue.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-2937 |
---|---|
Severity Metric: | 0.28 Date Public: |
secunia.com/advisories/22094/
secunia.com/advisories/22259/
secunia.com/advisories/22385/
secunia.com/advisories/22544/
secunia.com/advisories/22671/
secunia.com/advisories/23131/
secunia.com/advisories/23155/
secunia.com/advisories/23280/
secunia.com/advisories/23309/
secunia.com/advisories/23340/
secunia.com/advisories/23351/
sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
www.f-secure.com/security/fsc-2006-6.shtml
www.openssl.org/
www.openssl.org/news/secadv_20060928.txt