CVE-2006-2937

Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 28 Sept 2006, 18:00
Last modified:07 Aug 2024, 18:06

Vulnerability Summary

Overall Risk (default)
medium
32/100
CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
5.11% LOW
5% probability -3.72%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

28 Sept 2006, 18:00
Published
Vulnerability first disclosed
07 Aug 2024, 18:06
Last Modified
Vulnerability information updated

Description

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

CVSS Metrics

  • v2.0HIGHScore: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 5.11% Percentile: 90%

Techniques & Countermeasures

  • CWE-399Resource Management Errors

    Weaknesses in this category are related to improper management of system resources.

Affected Systems

  • UnknownOpenSSL

    0.9.7 | 0.9.7a | 0.9.7b | 0.9.7c | 0.9.7d | 0.9.7e | 0.9.7f | 0.9.7g | 0.9.7h | 0.9.7i | 0.9.7j | 0.9.7k | 0.9.8 | 0.9.8a | 0.9.8b | 0.9.8c

References (136)