7.8

CVE-2006-2940

EPSS 16.49%
Published 28.09.2006 18:07:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Affected products Warnungen 0 Metrics 2 CWE 0 References 145

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version0.9.1c

OpenSSL ≫ OpenSSL Version0.9.2b

OpenSSL ≫ OpenSSL Version0.9.3

OpenSSL ≫ OpenSSL Version0.9.3a

OpenSSL ≫ OpenSSL Version0.9.4

OpenSSL ≫ OpenSSL Version0.9.5

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.5a

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6a

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6b

OpenSSL ≫ OpenSSL Version0.9.6c

OpenSSL ≫ OpenSSL Version0.9.6d

OpenSSL ≫ OpenSSL Version0.9.6e

OpenSSL ≫ OpenSSL Version0.9.6f

OpenSSL ≫ OpenSSL Version0.9.6g

OpenSSL ≫ OpenSSL Version0.9.6h

OpenSSL ≫ OpenSSL Version0.9.6i

OpenSSL ≫ OpenSSL Version0.9.6j

OpenSSL ≫ OpenSSL Version0.9.6k

OpenSSL ≫ OpenSSL Version0.9.6l

OpenSSL ≫ OpenSSL Version0.9.6m

OpenSSL ≫ OpenSSL Version0.9.7

OpenSSL ≫ OpenSSL Version0.9.7a

OpenSSL ≫ OpenSSL Version0.9.7b

OpenSSL ≫ OpenSSL Version0.9.7c

OpenSSL ≫ OpenSSL Version0.9.7d

OpenSSL ≫ OpenSSL Version0.9.7e

OpenSSL ≫ OpenSSL Version0.9.7f

OpenSSL ≫ OpenSSL Version0.9.7g

OpenSSL ≫ OpenSSL Version0.9.7h

OpenSSL ≫ OpenSSL Version0.9.7i

OpenSSL ≫ OpenSSL Version0.9.7j

OpenSSL ≫ OpenSSL Version0.9.7k

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version0.9.8a

OpenSSL ≫ OpenSSL Version0.9.8b

OpenSSL ≫ OpenSSL Version0.9.8c

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.49%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

http://secunia.com/advisories/23794

http://securitytracker.com/id?1017522

http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

http://www.securityfocus.com/bid/22083

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://secunia.com/advisories/23680

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

http://secunia.com/advisories/31492

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://openvpn.net/changelog.html

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540

http://secunia.com/advisories/23280

http://secunia.com/advisories/23340

http://secunia.com/advisories/23915

http://secunia.com/advisories/26893

http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

http://www.vupen.com/english/advisories/2007/0343

https://issues.rpath.com/browse/RPL-1633

http://docs.info.apple.com/article.html?artnum=304829

http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

http://secunia.com/advisories/23155

http://www.us-cert.gov/cas/techalerts/TA06-333A.html

US Government Resource

http://www.vupen.com/english/advisories/2006/4750

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://secunia.com/advisories/22487

http://www.securityfocus.com/archive/1/456546/100/200/threaded

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771

http://secunia.com/advisories/26329

http://www.vupen.com/english/advisories/2007/2783

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

http://marc.info/?l=bind-announce&m=116253119512445&w=2

http://secunia.com/advisories/22259

Vendor Advisory

http://secunia.com/advisories/22260

Vendor Advisory

http://secunia.com/advisories/22284

Vendor Advisory

http://secunia.com/advisories/22671

http://secunia.com/advisories/22758

http://secunia.com/advisories/22799

http://secunia.com/advisories/24930

http://secunia.com/advisories/24950

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1

http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html

http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:177

http://www.mandriva.com/security/advisories?name=MDKSA-2006:178

http://www.securityfocus.com/archive/1/489739/100/0/threaded

http://www.securityfocus.com/bid/28276

http://www.serv-u.com/releasenotes/

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

http://www.vupen.com/english/advisories/2006/3936

http://www.vupen.com/english/advisories/2006/4327

http://www.vupen.com/english/advisories/2006/4329

http://www.vupen.com/english/advisories/2006/4417

http://www.vupen.com/english/advisories/2007/1401

http://www.vupen.com/english/advisories/2007/2315

http://www.vupen.com/english/advisories/2008/0905/references

https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

http://secunia.com/advisories/22298

http://www.novell.com/linux/security/advisories/2006_24_sr.html

http://secunia.com/advisories/22116

Vendor Advisory

http://secunia.com/advisories/23038

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

http://www.trustix.org/errata/2006/0054

http://www.vupen.com/english/advisories/2006/4401

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc

http://issues.rpath.com/browse/RPL-613

http://kolab.org/security/kolab-vendor-notice-11.txt

http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html

http://openbsd.org/errata.html#openssl2

http://secunia.com/advisories/22094

Vendor Advisory

http://secunia.com/advisories/22130

Vendor Advisory

http://secunia.com/advisories/22165

Vendor Advisory

http://secunia.com/advisories/22166

Vendor Advisory

http://secunia.com/advisories/22172

Vendor Advisory

http://secunia.com/advisories/22186

Vendor Advisory

http://secunia.com/advisories/22193

Vendor Advisory

http://secunia.com/advisories/22207

Vendor Advisory

http://secunia.com/advisories/22212

Vendor Advisory

http://secunia.com/advisories/22216

Vendor Advisory

http://secunia.com/advisories/22220

Vendor Advisory

http://secunia.com/advisories/22240

Vendor Advisory

http://secunia.com/advisories/22330

Vendor Advisory

http://secunia.com/advisories/22385

Vendor Advisory

http://secunia.com/advisories/22460

Vendor Advisory

http://secunia.com/advisories/22544

Vendor Advisory

http://secunia.com/advisories/22626

http://secunia.com/advisories/22772

http://secunia.com/advisories/23309

http://secunia.com/advisories/23351

http://secunia.com/advisories/25889

http://secunia.com/advisories/30124

http://secunia.com/advisories/31531

http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

http://security.gentoo.org/glsa/glsa-200610-11.xml

http://securitytracker.com/id?1016943

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1

http://support.attachmate.com/techdocs/2374.html

http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm

http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf

http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf

http://www.debian.org/security/2006/dsa-1185

http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:172

http://www.novell.com/linux/security/advisories/2006_58_openssl.html

http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html

http://www.openssl.org/news/secadv_20060928.txt

http://www.redhat.com/support/errata/RHSA-2006-0695.html

Vendor Advisory

http://www.securityfocus.com/archive/1/447318/100/0/threaded

http://www.securityfocus.com/archive/1/447393/100/0/threaded

http://www.ubuntu.com/usn/usn-353-1

http://www.vupen.com/english/advisories/2006/3820

http://www.vupen.com/english/advisories/2006/3860

http://www.vupen.com/english/advisories/2006/3869

http://www.vupen.com/english/advisories/2006/3902

http://www.vupen.com/english/advisories/2006/4019

http://www.vupen.com/english/advisories/2006/4036

http://www.vupen.com/english/advisories/2006/4264

http://www.vupen.com/english/advisories/2006/4980

http://www.vupen.com/english/advisories/2008/2396

http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf

http://secunia.com/advisories/22500

Vendor Advisory

http://www.debian.org/security/2006/dsa-1195

http://www.osvdb.org/29261

http://www.securityfocus.com/bid/20247

http://www.ubuntu.com/usn/usn-353-2

http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en

https://exchange.xforce.ibmcloud.com/vulnerabilities/29230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311

https://nvd.nist.gov/vuln/detail/CVE-2006-2940

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2940

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2940

EUVD