7.8

CVE-2006-2937

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.63% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/23680
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://secunia.com/advisories/31492
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://openvpn.net/changelog.html
Patch
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23915
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.vupen.com/english/advisories/2007/0343
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/4750
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22487
Vendor Advisory
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://secunia.com/advisories/26329
http://www.vupen.com/english/advisories/2007/2783
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://secunia.com/advisories/22259
Patch
Vendor Advisory
http://secunia.com/advisories/22260
Patch
Vendor Advisory
http://secunia.com/advisories/22284
Patch
Vendor Advisory
http://secunia.com/advisories/22671
Vendor Advisory
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
Patch
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2008/0905/references
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
http://secunia.com/advisories/22298
http://www.novell.com/linux/security/advisories/2006_24_sr.html
Patch
Vendor Advisory
http://secunia.com/advisories/22116
Patch
Vendor Advisory
http://secunia.com/advisories/23038
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://www.trustix.org/errata/2006/0054
Patch
http://www.vupen.com/english/advisories/2006/4401
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
Patch
http://openbsd.org/errata.html#openssl2
Patch
http://secunia.com/advisories/22094
Patch
Vendor Advisory
http://secunia.com/advisories/22130
Patch
Vendor Advisory
http://secunia.com/advisories/22165
Patch
Vendor Advisory
http://secunia.com/advisories/22166
Patch
Vendor Advisory
http://secunia.com/advisories/22172
Patch
Vendor Advisory
http://secunia.com/advisories/22186
Patch
Vendor Advisory
http://secunia.com/advisories/22193
Patch
Vendor Advisory
http://secunia.com/advisories/22207
Patch
Vendor Advisory
http://secunia.com/advisories/22212
Patch
Vendor Advisory
http://secunia.com/advisories/22216
Patch
Vendor Advisory
http://secunia.com/advisories/22220
Patch
Vendor Advisory
http://secunia.com/advisories/22240
Patch
Vendor Advisory
http://secunia.com/advisories/22330
Patch
Vendor Advisory
http://secunia.com/advisories/22385
Vendor Advisory
http://secunia.com/advisories/22460
Vendor Advisory
http://secunia.com/advisories/22544
Vendor Advisory
http://secunia.com/advisories/22626
Vendor Advisory
http://secunia.com/advisories/22772
http://secunia.com/advisories/23131
http://secunia.com/advisories/23309
http://secunia.com/advisories/23351
http://secunia.com/advisories/25889
http://secunia.com/advisories/30124
http://secunia.com/advisories/31531
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
Patch
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
Patch
Vendor Advisory
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.debian.org/security/2006/dsa-1185
Patch
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.kb.cert.org/vuls/id/247744
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
Patch
Vendor Advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
Patch
Vendor Advisory
http://www.openssl.org/news/secadv_20060928.txt
Patch
Vendor Advisory
http://www.osvdb.org/29260
http://www.redhat.com/support/errata/RHSA-2006-0695.html
Patch
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/bid/20248
Patch
http://www.ubuntu.com/usn/usn-353-1
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4761
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2008/2396
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560