The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssl< 0.9.8c-2openssl_0.9.8c-2_all.deb
Debian11allopenssl< 0.9.8c-2openssl_0.9.8c-2_all.deb
Debian10allopenssl< 0.9.8c-2openssl_0.9.8c-2_all.deb
Debian999allopenssl< 0.9.8c-2openssl_0.9.8c-2_all.deb
Debian13allopenssl< 0.9.8c-2openssl_0.9.8c-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssl	< 0.9.8c-2	openssl_0.9.8c-2_all.deb
Debian	11	all	openssl	< 0.9.8c-2	openssl_0.9.8c-2_all.deb
Debian	10	all	openssl	< 0.9.8c-2	openssl_0.9.8c-2_all.deb
Debian	999	all	openssl	< 0.9.8c-2	openssl_0.9.8c-2_all.deb
Debian	13	all	openssl	< 0.9.8c-2	openssl_0.9.8c-2_all.deb

packetstorm 1

securityvulns 4

seebug 4

ubuntucve 1

exploitpack 2

openssl 1

cve 1

exploitdb 2

openvas 66

debian 3

nessus 39

osv 2

altlinux 3

f5 4

gentoo 2

freebsd_advisory 1

centos 2

suse 1

redhat 4

slackware 1

ubuntu 1

oraclelinux 5

freebsd 1

vmware 2

cert 2

packetstorm

openssl-dos.txt

2007-12-24 00:00:00

securityvulns

[EXPL] OpenSSL SSLv2 Client Crash (NULL Reference)

2007-12-20 00:00:00

Multiple OpenSSL security vulnerabilities

2007-09-28 00:00:00

[OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl)

2006-09-29 00:00:00

seebug

OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability

2014-07-01 00:00:00

OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit

2014-07-01 00:00:00

OpenSSL < 0.9.7l / 0.9.8d SSLv2 Client Crash Exploit

2007-12-24 00:00:00

ubuntucve

CVE-2006-4343

2006-09-28 00:00:00

exploitpack

OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service

2006-09-28 00:00:00

OpenSSL 0.9.7l0.9.8d - SSLv2 Client Crash

2007-12-23 00:00:00

openssl

Vulnerability in OpenSSL CVE-2006-4343

2006-09-28 00:00:00

cve

CVE-2006-4343

2006-09-28 18:07:00

exploitdb

OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash

2007-12-23 00:00:00

OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service

2006-09-28 00:00:00

openvas

Debian Security Advisory DSA 1195-1 (openssl096)

2008-01-17 00:00:00

Debian: Security Advisory (DSA-1195-1)

2008-01-17 00:00:00

Debian Security Advisory DSA 1185-1 (openssl)

2008-01-17 00:00:00

debian

[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service

2006-10-10 20:35:20

[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service

2006-10-10 20:35:20

[SECURITY] [DSA 1185-1] New openssl packages fix denial of service

2006-09-28 17:28:09

nessus

Debian DSA-1195-1 : openssl096 - denial of service (multiple)

2006-10-20 00:00:00

F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)

2014-10-10 00:00:00

Debian DSA-1185-2 : openssl - denial of service

2006-10-14 00:00:00

osv

openssl096

2006-10-10 00:00:00

openssl

2006-09-28 00:00:00

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt5

2006-09-27 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt5

2006-09-27 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt5

2006-09-27 00:00:00

K6734 : Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

2013-03-27 00:00:00

SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

2007-05-16 00:00:00

K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

2013-03-27 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2006-10-24 00:00:00

AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities

2006-12-11 00:00:00

freebsd_advisory

FreeBSD-SA-06:23.openssl

2006-09-28 00:00:00

centos

openssl, openssl096b security update

2006-09-29 03:35:21

openssl, openssl095a, openssl096 security update

2006-10-02 01:43:05

suse

remote denial of service in openssl

2006-09-28 16:40:53

redhat

(RHSA-2006:0695) openssl security update

2006-09-28 00:00:00

(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update

2008-08-13 00:00:00

(RHSA-2008:0264) Moderate: Red Hat Network Satellite Server Solaris client security update

2008-05-20 00:00:00

slackware

[slackware-security] openssl

2006-09-29 07:57:13

ubuntu

openssl vulnerabilities

2006-09-29 00:00:00

oraclelinux

Important openssl security update

2006-11-30 00:00:00

Important openssl security update

2006-11-30 00:00:00

openssl-fips security update

2015-04-02 00:00:00

freebsd

OpenSSL -- Multiple problems in crypto(3)

2006-09-28 00:00:00

vmware

Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line

2008-03-17 00:00:00

Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line

2008-03-17 00:00:00

cert

OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow

2006-09-28 00:00:00

OpenSSL SSLv2 client code fails to properly check for NULL

2006-09-28 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Related for DEBIANCVE:CVE-2006-4343