CVE-2006-4343

Modified
Published: 28 Sept 2006, 18:00
Last modified: 07 Aug 2024, 19:06

Vulnerability Summary

  • Overall Risk (default): medium, 29/100
  • CVSS Score: 4.3 MEDIUM, v2.0 (nvd)
  • EPSS Score: 6.93% LOW (7% probability 0.00%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: 2 found
  • Dark Web: Not detected

Timeline

  • 28 Sept 2006, 18:00: Published (vulnerability first disclosed)
  • 07 Aug 2024, 19:06: Last Modified (vulnerability information updated)

Description

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

CVSS Metrics

  • v2.0 | MEDIUM | Score: 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 6.93% | Percentile: 92%

Techniques & Countermeasures

  • CWE-476: NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • canonical / ubuntu_linux

    5.04 | 5.10 | 6.06

  • debian / debian_linux

    3.1

  • Unknown / OpenSSL

    0.9.7 | 0.9.7a | 0.9.7b | 0.9.7c | 0.9.7d | 0.9.7e | 0.9.7f | 0.9.7g | 0.9.7h | 0.9.7i | 0.9.7j | 0.9.7k | 0.9.8 | 0.9.8a | 0.9.8b | 0.9.8c
