CVE-2006-2937
Severity: Unknown | EPSS: 10.63%
Last modified
CVE-2006-2937 is a vulnerability of currently unknown severity. OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. EPSS estimates a 10.63% chance of exploitation in the next 30 days.
Description
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.7 |
| Openssl | Openssl | 0.9.7a |
| Openssl | Openssl | 0.9.7b |
| Openssl | Openssl | 0.9.7c |
| Openssl | Openssl | 0.9.7d |
| Openssl | Openssl | 0.9.7e |
| Openssl | Openssl | 0.9.7f |
| Openssl | Openssl | 0.9.7g |
| Openssl | Openssl | 0.9.7h |
| Openssl | Openssl | 0.9.7i |
| Openssl | Openssl | 0.9.7j |
| Openssl | Openssl | 0.9.7k |
| Openssl | Openssl | 0.9.8 |
| Openssl | Openssl | 0.9.8a |
| Openssl | Openssl | 0.9.8b |
| Openssl | Openssl | 0.9.8c |
References
- http://secunia.com/advisories/22094 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22116 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22130 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22165 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22166 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22172 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22186 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22193 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22207 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22212 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22216 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22220 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22240 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22259 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22260 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22284 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22330 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22385 (Vendor Advisory)
- http://secunia.com/advisories/22460 (Vendor Advisory)
- http://secunia.com/advisories/22487 (Vendor Advisory)
- http://secunia.com/advisories/22544 (Vendor Advisory)
- http://secunia.com/advisories/22626 (Vendor Advisory)
- http://secunia.com/advisories/22671 (Vendor Advisory)
- http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc (Patch, Vendor Advisory)
- http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/247744 (Patch, US Government Resource)
- http://www.novell.com/linux/security/advisories/2006_24_sr.html (Patch, Vendor Advisory)
- http://www.novell.com/linux/security/advisories/2006_58_openssl.html (Patch, Vendor Advisory)
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html (Patch, Vendor Advisory)
- http://www.openssl.org/news/secadv_20060928.txt (Patch, Vendor Advisory)
- http://www.ubuntu.com/usn/usn-353-1 (Patch, Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2937?
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
How severe is CVE-2006-2937?
Severity scoring for CVE-2006-2937 is pending analysis. The EPSS model estimates a 10.63% probability of exploitation in the next 30 days.
How do I fix CVE-2006-2937?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-2937?
Run a free Strix scan to check your systems for this vulnerability.
Source: NVD / NIST
