Vulnerability from csaf_opensuse
Published: 2024-06-15 00:00
Modified: 2024-06-15 00:00
Summary: libopenssl-devel-1.1.1l-1.2 on GA media
Notes
Title of the patch: libopenssl-devel-1.1.1l-1.2 on GA media
Description of the patch: These are all security issues fixed in the libopenssl-devel-1.1.1l-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11125
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libopenssl-devel-1.1.1l-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libopenssl-devel-1.1.1l-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11125", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11125-1.json", }, { category: "self", summary: "SUSE CVE CVE-2006-2937 page", url: "https://www.suse.com/security/cve/CVE-2006-2937/", }, { category: "self", summary: "SUSE CVE CVE-2006-2940 page", url: "https://www.suse.com/security/cve/CVE-2006-2940/", }, { category: "self", summary: "SUSE CVE CVE-2006-3738 page", url: "https://www.suse.com/security/cve/CVE-2006-3738/", }, { category: "self", summary: "SUSE CVE CVE-2006-4339 page", url: "https://www.suse.com/security/cve/CVE-2006-4339/", }, { category: "self", summary: "SUSE CVE CVE-2006-4343 page", url: "https://www.suse.com/security/cve/CVE-2006-4343/", }, { category: "self", summary: "SUSE CVE CVE-2007-3108 page", url: 
"https://www.suse.com/security/cve/CVE-2007-3108/", }, { category: "self", summary: "SUSE CVE CVE-2007-5135 page", url: "https://www.suse.com/security/cve/CVE-2007-5135/", }, { category: "self", summary: "SUSE CVE CVE-2008-0891 page", url: "https://www.suse.com/security/cve/CVE-2008-0891/", }, { category: "self", summary: "SUSE CVE CVE-2008-1672 page", url: "https://www.suse.com/security/cve/CVE-2008-1672/", }, { category: "self", summary: "SUSE CVE CVE-2016-7055 page", url: "https://www.suse.com/security/cve/CVE-2016-7055/", }, { category: "self", summary: "SUSE CVE CVE-2016-7056 page", url: "https://www.suse.com/security/cve/CVE-2016-7056/", }, { category: "self", summary: "SUSE CVE CVE-2017-3731 page", url: "https://www.suse.com/security/cve/CVE-2017-3731/", }, { category: "self", summary: "SUSE CVE CVE-2017-3732 page", url: "https://www.suse.com/security/cve/CVE-2017-3732/", }, ], title: "libopenssl-devel-1.1.1l-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11125-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libopenssl-devel-1.1.1l-1.2.aarch64", product: { name: "libopenssl-devel-1.1.1l-1.2.aarch64", product_id: "libopenssl-devel-1.1.1l-1.2.aarch64", }, }, { category: "product_version", name: "openssl-1.1.1l-1.2.aarch64", product: { name: "openssl-1.1.1l-1.2.aarch64", product_id: "openssl-1.1.1l-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libopenssl-devel-1.1.1l-1.2.ppc64le", product: { name: "libopenssl-devel-1.1.1l-1.2.ppc64le", product_id: "libopenssl-devel-1.1.1l-1.2.ppc64le", }, }, 
{ category: "product_version", name: "openssl-1.1.1l-1.2.ppc64le", product: { name: "openssl-1.1.1l-1.2.ppc64le", product_id: "openssl-1.1.1l-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libopenssl-devel-1.1.1l-1.2.s390x", product: { name: "libopenssl-devel-1.1.1l-1.2.s390x", product_id: "libopenssl-devel-1.1.1l-1.2.s390x", }, }, { category: "product_version", name: "openssl-1.1.1l-1.2.s390x", product: { name: "openssl-1.1.1l-1.2.s390x", product_id: "openssl-1.1.1l-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libopenssl-devel-1.1.1l-1.2.x86_64", product: { name: "libopenssl-devel-1.1.1l-1.2.x86_64", product_id: "libopenssl-devel-1.1.1l-1.2.x86_64", }, }, { category: "product_version", name: "openssl-1.1.1l-1.2.x86_64", product: { name: "openssl-1.1.1l-1.2.x86_64", product_id: "openssl-1.1.1l-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libopenssl-devel-1.1.1l-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", }, product_reference: "libopenssl-devel-1.1.1l-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libopenssl-devel-1.1.1l-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", }, product_reference: "libopenssl-devel-1.1.1l-1.2.ppc64le", relates_to_product_reference: 
"openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libopenssl-devel-1.1.1l-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", }, product_reference: "libopenssl-devel-1.1.1l-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libopenssl-devel-1.1.1l-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", }, product_reference: "libopenssl-devel-1.1.1l-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "openssl-1.1.1l-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", }, product_reference: "openssl-1.1.1l-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "openssl-1.1.1l-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", }, product_reference: "openssl-1.1.1l-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "openssl-1.1.1l-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", }, product_reference: "openssl-1.1.1l-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "openssl-1.1.1l-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", }, product_reference: "openssl-1.1.1l-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2006-2937", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2006-2937", }, ], notes: [ { category: "general", text: "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-2937", url: "https://www.suse.com/security/cve/CVE-2006-2937", }, { category: "external", summary: "SUSE Bug 202366 for CVE-2006-2937", url: "https://bugzilla.suse.com/202366", }, { category: "external", summary: "SUSE Bug 207635 for CVE-2006-2937", url: "https://bugzilla.suse.com/207635", }, { category: "external", summary: "SUSE Bug 215623 for CVE-2006-2937", url: "https://bugzilla.suse.com/215623", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", 
details: "important", }, ], title: "CVE-2006-2937", }, { cve: "CVE-2006-2940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-2940", }, ], notes: [ { category: "general", text: "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-2940", url: "https://www.suse.com/security/cve/CVE-2006-2940", }, { category: "external", summary: "SUSE Bug 202366 for CVE-2006-2940", url: "https://bugzilla.suse.com/202366", }, { category: "external", summary: "SUSE Bug 207635 for CVE-2006-2940", url: "https://bugzilla.suse.com/207635", }, { category: "external", summary: "SUSE Bug 208971 for CVE-2006-2940", url: "https://bugzilla.suse.com/208971", }, { category: "external", summary: "SUSE Bug 215623 for CVE-2006-2940", url: "https://bugzilla.suse.com/215623", }, { category: "external", summary: "SUSE Bug 223040 for CVE-2006-2940", url: "https://bugzilla.suse.com/223040", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2006-2940", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like 
YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2006-2940", }, { cve: "CVE-2006-3738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-3738", }, ], notes: [ { category: "general", text: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-3738", url: "https://www.suse.com/security/cve/CVE-2006-3738", }, { category: "external", summary: "SUSE Bug 202366 for CVE-2006-3738", url: "https://bugzilla.suse.com/202366", }, { category: "external", summary: "SUSE Bug 215623 for CVE-2006-3738", url: "https://bugzilla.suse.com/215623", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2006-3738", }, { cve: "CVE-2006-4339", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-4339", }, ], notes: [ { category: "general", text: "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-4339", url: "https://www.suse.com/security/cve/CVE-2006-4339", }, { category: "external", summary: "SUSE Bug 202366 for CVE-2006-4339", url: "https://bugzilla.suse.com/202366", }, { category: "external", summary: "SUSE Bug 203595 for CVE-2006-4339", url: "https://bugzilla.suse.com/203595", }, { category: "external", 
summary: "SUSE Bug 206636 for CVE-2006-4339", url: "https://bugzilla.suse.com/206636", }, { category: "external", summary: "SUSE Bug 207635 for CVE-2006-4339", url: "https://bugzilla.suse.com/207635", }, { category: "external", summary: "SUSE Bug 215623 for CVE-2006-4339", url: "https://bugzilla.suse.com/215623", }, { category: "external", summary: "SUSE Bug 218303 for CVE-2006-4339", url: "https://bugzilla.suse.com/218303", }, { category: "external", summary: "SUSE Bug 233584 for CVE-2006-4339", url: "https://bugzilla.suse.com/233584", }, { category: "external", summary: "SUSE Bug 564512 for CVE-2006-4339", url: "https://bugzilla.suse.com/564512", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2006-4339", }, { cve: "CVE-2006-4343", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-4343", }, ], notes: [ { category: "general", text: "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE 
Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-4343", url: "https://www.suse.com/security/cve/CVE-2006-4343", }, { category: "external", summary: "SUSE Bug 202366 for CVE-2006-4343", url: "https://bugzilla.suse.com/202366", }, { category: "external", summary: "SUSE Bug 207635 for CVE-2006-4343", url: "https://bugzilla.suse.com/207635", }, { category: "external", summary: "SUSE Bug 215623 for CVE-2006-4343", url: "https://bugzilla.suse.com/215623", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2006-4343", }, { cve: "CVE-2007-3108", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2007-3108", }, ], notes: [ { category: "general", text: "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.", title: 
"CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2007-3108", url: "https://www.suse.com/security/cve/CVE-2007-3108", }, { category: "external", summary: "SUSE Bug 296511 for CVE-2007-3108", url: "https://bugzilla.suse.com/296511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2007-3108", }, { cve: "CVE-2007-5135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2007-5135", }, ], notes: [ { category: "general", text: "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. 
As of 20071012, it is unknown whether code execution is possible.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2007-5135", url: "https://www.suse.com/security/cve/CVE-2007-5135", }, { category: "external", summary: "SUSE Bug 329208 for CVE-2007-5135", url: "https://bugzilla.suse.com/329208", }, { category: "external", summary: "SUSE Bug 331726 for CVE-2007-5135", url: "https://bugzilla.suse.com/331726", }, { category: "external", summary: "SUSE Bug 363663 for CVE-2007-5135", url: "https://bugzilla.suse.com/363663", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2007-5135", }, { cve: "CVE-2008-0891", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-0891", }, ], notes: [ { category: "general", text: "Double free vulnerability in OpenSSL 
0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-0891", url: "https://www.suse.com/security/cve/CVE-2008-0891", }, { category: "external", summary: "SUSE Bug 394317 for CVE-2008-0891", url: "https://bugzilla.suse.com/394317", }, { category: "external", summary: "SUSE Bug 404511 for CVE-2008-0891", url: "https://bugzilla.suse.com/404511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2008-0891", }, { cve: "CVE-2008-1672", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-1672", }, ], notes: [ { category: 
"general", text: "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-1672", url: "https://www.suse.com/security/cve/CVE-2008-1672", }, { category: "external", summary: "SUSE Bug 394317 for CVE-2008-1672", url: "https://bugzilla.suse.com/394317", }, { category: "external", summary: "SUSE Bug 404511 for CVE-2008-1672", url: "https://bugzilla.suse.com/404511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2008-1672", }, { cve: "CVE-2016-7055", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7055", }, ], notes: [ { 
category: "general", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. 
Even then only clients that chose the curve will be affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7055", url: "https://www.suse.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "SUSE Bug 1009528 for CVE-2016-7055", url: "https://bugzilla.suse.com/1009528", }, { category: "external", summary: "SUSE Bug 1021641 for CVE-2016-7055", url: "https://bugzilla.suse.com/1021641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", 
"openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-7055", }, { cve: "CVE-2016-7056", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7056", }, ], notes: [ { category: "general", text: "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7056", url: "https://www.suse.com/security/cve/CVE-2016-7056", }, { category: "external", summary: "SUSE Bug 1005878 for CVE-2016-7056", url: "https://bugzilla.suse.com/1005878", }, { category: "external", summary: "SUSE Bug 1019334 for CVE-2016-7056", url: "https://bugzilla.suse.com/1019334", }, { category: "external", summary: "SUSE Bug 1148697 for CVE-2016-7056", url: "https://bugzilla.suse.com/1148697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", 
"openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7056", }, { cve: "CVE-2017-3731", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3731", }, ], notes: [ { category: "general", text: "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. 
For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3731", url: "https://www.suse.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "SUSE Bug 1021641 for CVE-2017-3731", url: "https://bugzilla.suse.com/1021641", }, { category: "external", summary: "SUSE Bug 1022085 for CVE-2017-3731", url: "https://bugzilla.suse.com/1022085", }, { category: "external", summary: "SUSE Bug 1064118 for CVE-2017-3731", url: "https://bugzilla.suse.com/1064118", }, { category: "external", summary: "SUSE Bug 1064119 for CVE-2017-3731", url: "https://bugzilla.suse.com/1064119", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: 
"3.1", }, products: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3731", }, { cve: "CVE-2017-3732", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3732", }, ], notes: [ { category: "general", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. 
Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3732", url: "https://www.suse.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "SUSE Bug 1021641 for CVE-2017-3732", url: "https://bugzilla.suse.com/1021641", }, { category: "external", summary: "SUSE Bug 1022086 for CVE-2017-3732", url: "https://bugzilla.suse.com/1022086", }, { category: "external", summary: "SUSE Bug 1049418 for CVE-2017-3732", url: "https://bugzilla.suse.com/1049418", }, { category: "external", summary: "SUSE Bug 1049421 for CVE-2017-3732", url: "https://bugzilla.suse.com/1049421", }, { category: "external", summary: "SUSE Bug 1049422 for CVE-2017-3732", url: "https://bugzilla.suse.com/1049422", }, { category: "external", summary: "SUSE Bug 1066242 for CVE-2017-3732", url: "https://bugzilla.suse.com/1066242", }, { category: "external", summary: "SUSE Bug 1071906 for CVE-2017-3732", url: "https://bugzilla.suse.com/1071906", }, { category: "external", summary: "SUSE Bug 957814 for CVE-2017-3732", url: "https://bugzilla.suse.com/957814", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE 
Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x", "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-3732", }, ], }
CVE-2016-7056 (GCVE-0-2016-7056)
Vulnerability from cvelistv5
Published
2018-09-10 16:00
Modified
2024-08-06 01:50
Summary
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
References
Impacted products
Vendor | Product | Version
---|---|---
The OpenSSL Project | openssl | openssl 1.0.1u
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:50:46.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://eprint.iacr.org/2016/1195", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig", }, { name: "1037575", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037575", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { name: "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://seclists.org/oss-sec/2017/q1/52", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html", }, { name: "95375", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95375", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-7056", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openssl", vendor: "The OpenSSL Project", versions: [ { status: "affected", version: "openssl 1.0.1u", }, ], }, ], datePublic: "2017-01-10T00:00:00", descriptions: [ { lang: "en", value: "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-11T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://eprint.iacr.org/2016/1195", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2017:1413", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig", }, { name: "1037575", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037575", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { name: "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://seclists.org/oss-sec/2017/q1/52", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html", }, { name: "95375", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95375", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-7056", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-7056", datePublished: "2018-09-10T16:00:00", dateReserved: "2016-08-23T00:00:00", dateUpdated: "2024-08-06T01:50:46.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-3732 (GCVE-0-2017-3732)
Vulnerability from cvelistv5
Published
2017-05-04 19:00
Modified
2024-09-16 22:08
Summary
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.
References
Impacted products
Vendor | Product | Version
---|---|---
OpenSSL | OpenSSL | openssl-1.1.0, openssl-1.1.0a, openssl-1.1.0b, openssl-1.1.0c, openssl-1.0.2, openssl-1.0.2a, openssl-1.0.2b, openssl-1.0.2c, openssl-1.0.2d, openssl-1.0.2e, openssl-1.0.2f, openssl-1.0.2g, openssl-1.0.2h, openssl-1.0.2i, openssl-1.0.2j
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:39:40.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2018:2713", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2713", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037717", }, { name: "RHSA-2018:2575", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2575", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-07", }, { name: "RHSA-2018:2568", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2018:2568", }, { name: "95814", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95814", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "openssl-1.1.0", }, { status: "affected", version: "openssl-1.1.0a", }, { status: "affected", version: "openssl-1.1.0b", }, { status: "affected", version: "openssl-1.1.0c", }, { status: "affected", version: "openssl-1.0.2", }, { status: "affected", version: "openssl-1.0.2a", }, { status: "affected", version: "openssl-1.0.2b", }, { status: "affected", version: "openssl-1.0.2c", }, { status: "affected", version: "openssl-1.0.2d", }, { status: "affected", version: "openssl-1.0.2e", }, { status: "affected", version: "openssl-1.0.2f", }, { status: "affected", version: "openssl-1.0.2g", }, { status: "affected", version: "openssl-1.0.2h", }, { status: "affected", version: "openssl-1.0.2i", }, { status: "affected", version: "openssl-1.0.2j", }, ], }, ], credits: [ { lang: "en", value: "OSS-Fuzz project", }, ], datePublic: "2017-01-26T00:00:00", descriptions: [ { lang: "en", value: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. 
Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "carry-propagating bug", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-23T19:08:15", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2018:2713", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2713", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], 
url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037717", }, { name: "RHSA-2018:2575", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2575", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-07", }, { name: "RHSA-2018:2568", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2568", }, { name: "95814", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95814", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], title: "BN_mod_exp may produce incorrect results on x86_64", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2017-01-26", ID: "CVE-2017-3732", STATE: "PUBLIC", TITLE: "BN_mod_exp may produce incorrect results on x86_64", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "openssl-1.1.0", }, { version_value: 
"openssl-1.1.0a", }, { version_value: "openssl-1.1.0b", }, { version_value: "openssl-1.1.0c", }, { version_value: "openssl-1.0.2", }, { version_value: "openssl-1.0.2a", }, { version_value: "openssl-1.0.2b", }, { version_value: "openssl-1.0.2c", }, { version_value: "openssl-1.0.2d", }, { version_value: "openssl-1.0.2e", }, { version_value: "openssl-1.0.2f", }, { version_value: "openssl-1.0.2g", }, { version_value: "openssl-1.0.2h", }, { version_value: "openssl-1.0.2i", }, { version_value: "openssl-1.0.2j", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "OSS-Fuzz project", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. 
Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "carry-propagating bug", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2185", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2018:2713", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2713", }, { name: "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", refsource: "MISC", url: "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", }, { name: "FreeBSD-SA-17:02", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { name: "https://www.openssl.org/news/secadv/20170126.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037717", }, { name: "RHSA-2018:2575", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2575", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://www.tenable.com/security/tns-2017-04", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-07", }, { name: 
"RHSA-2018:2568", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2568", }, { name: "95814", refsource: "BID", url: "http://www.securityfocus.com/bid/95814", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2017-3732", datePublished: "2017-05-04T19:00:00Z", dateReserved: "2016-12-16T00:00:00", dateUpdated: "2024-09-16T22:08:37.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-2937 (GCVE-0-2006-2937)
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Summary
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T18:06:27.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22212", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", }, { name: "FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25889", }, { name: "openssl-asn1-error-dos(29228)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "ADV-2006-4019", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4019", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22626", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "23351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23351", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22671", }, { name: 
"20248", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20248", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4329", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "23131", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23131", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.f-secure.com/security/fsc-2006-6.shtml", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], 
url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "ADV-2006-4761", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4761", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22799", }, { name: "200585", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.serv-u.com/releasenotes/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "29260", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/29260", }, { name: "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. 
[revised]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "oval:org.mitre.oval:def:10560", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "102747", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1", }, { name: "VU#247744", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/247744", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], 
url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "ADV-2006-4980", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4980", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ 
"vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22460", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: 
"2006-09-28T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-18T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22212", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "23309", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22487", }, { name: 
"SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", }, { name: "FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25889", }, { name: "openssl-asn1-error-dos(29228)", tags: 
[ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "ADV-2006-4019", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4019", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22626", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "23351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23351", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22671", }, { name: "20248", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20248", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4329", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "23131", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23131", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", 
"x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.f-secure.com/security/fsc-2006-6.shtml", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "ADV-2006-4761", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4761", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22799", }, { name: "200585", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: 
"http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.serv-u.com/releasenotes/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "29260", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/29260", }, { name: "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: 
"22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "oval:org.mitre.oval:def:10560", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "102747", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1", }, { name: "VU#247744", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/247744", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", 
}, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "ADV-2006-4980", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4980", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "20061108 
Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22460", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24950", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-2937", datePublished: "2006-09-28T18:00:00", dateReserved: "2006-06-09T00:00:00", dateUpdated: "2024-08-07T18:06:27.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-2940 (GCVE-0-2006-2940)
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:06
Summary
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T18:06:27.233Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22212", }, { name: "USN-353-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-353-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: 
"http://www.trustix.org/errata/2006/0054", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23309", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26893", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", }, { name: "FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: 
"http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25889", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "oval:org.mitre.oval:def:10311", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311", }, { name: "ADV-2006-4019", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4019", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22626", }, { name: "openssl-publickey-dos(29230)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "23351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23351", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22671", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4329", }, { name: "22284", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: 
"https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22799", }, { name: "200585", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", 
tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.serv-u.com/releasenotes/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security 
issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "102747", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "20247", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20247", }, { name: "29261", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/29261", }, { name: "NetBSD-SA2008-007", tags: [ 
"vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "ADV-2006-4980", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4980", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: 
"ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22460", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], 
url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-09-28T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-18T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22212", }, { name: "USN-353-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-353-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23309", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26893", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22116", }, { name: 
"SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf", }, { name: 
"FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25889", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "oval:org.mitre.oval:def:10311", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311", }, { name: "ADV-2006-4019", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4019", }, { name: "[3.9] 20061007 013: SECURITY FIX: 
October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22626", }, { name: "openssl-publickey-dos(29230)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "23351", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23351", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22671", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4329", 
}, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22799", }, { name: "200585", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.serv-u.com/releasenotes/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "[bind-announce] 
20061103 Internet Systems Consortium Security Advisory. [revised]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "102747", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "20247", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20247", }, { name: "29261", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/29261", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", 
], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "ADV-2006-4980", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4980", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { 
name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22460", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24950", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-2940", datePublished: "2006-09-28T18:00:00", dateReserved: "2006-06-09T00:00:00", dateUpdated: "2024-08-07T18:06:27.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-7055 (GCVE-0-2016-7055)
Vulnerability from cvelistv5
Published
2017-05-04 20:00
Modified
2024-08-06 01:50
Summary
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:50:46.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-07", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "94242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94242", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://www.openssl.org/news/secadv/20161110.txt", }, { name: "1037261", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037261", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-11-10T00:00:00", descriptions: [ { lang: "en", value: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. 
Even then only clients that chose the curve will be affected.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-23T19:08:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-07", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "94242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94242", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20161110.txt", }, { name: "1037261", tags: [ 
"vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037261", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. 
Even then only clients that chose the curve will be affected.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2185", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", }, { name: "FreeBSD-SA-17:02", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://www.tenable.com/security/tns-2017-04", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2017-04", }, { name: "GLSA-201702-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-07", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "94242", refsource: "BID", url: "http://www.securityfocus.com/bid/94242", }, { name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us", }, { name: "RHSA-2018:2187", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2018:2187", }, { name: "https://www.openssl.org/news/secadv/20161110.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { name: "1037261", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037261", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7055", datePublished: "2017-05-04T20:00:00", dateReserved: "2016-08-23T00:00:00", dateUpdated: "2024-08-06T01:50:46.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-4339 (GCVE-0-2006-4339)
Vulnerability from cvelistv5
Published
2006-09-05 17:00
Modified
2024-08-07 19:06
Summary
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T19:06:07.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "SSRT061273", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495", }, { name: "ADV-2006-3453", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3453", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "JVN#51615542", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN51615542/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=307177", }, { name: "60799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60799", }, { name: "28549", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/28549", }, { name: "ADV-2006-4366", tags: [ "vdb-entry", 
"x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4366", }, { name: "22932", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22932", }, { name: "ADV-2006-3748", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3748", }, { name: "21791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21791", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html", }, { name: "GLSA-201408-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26893", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20060905.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "22509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22509", }, { name: "MDKSA-2006:207", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207", }, { name: "RHSA-2006:0661", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0661.html", }, { name: "SUSE-SA:2006:061", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_61_opera.html", }, { name: "21930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21930", }, { 
name: "22940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22940", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "21852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21852", }, { name: "BEA07-169.00", tags: [ "vendor-advisory", "x_refsource_BEA", "x_transferred", ], url: "http://dev2dev.bea.com/pub/advisory/238", }, { name: "21823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21823", }, { name: "102657", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22758", }, { name: "22938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22938", }, { name: "ADV-2006-3899", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3899", }, { name: "22044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22044", }, { name: "ADV-2007-1945", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1945", }, { name: "RHSA-2007:0062", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0062.html", }, { name: "OpenPKG-SA-2006.029", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html", }, { name: "ADV-2006-4206", tags: [ "vdb-entry", 
"x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4206", }, { name: "ADV-2006-3730", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3730", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "21812", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21812", }, { name: "22523", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22523", }, { name: "HPSBUX02165", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/450327/100/0/threaded", }, { name: "22689", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22689", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "102759", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1", }, { name: "GLSA-200609-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200609-05.xml", }, { name: "22711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22711", }, { name: "20060905 rPSA-2006-0163-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: 
"http://www.securityfocus.com/archive/1/445231/100/0/threaded", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "[3.9] 20060908 011: SECURITY FIX: September 8, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://www.openbsd.org/errata.html", }, { name: "22733", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22733", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "22949", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22949", }, { name: "SSA:2006-310-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955", }, { name: "USN-339-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-339-1", }, { name: "ADV-2006-3566", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3566", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf", }, { name: "SUSE-SR:2006:026", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_26_sr.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "102744", tags: [ "vendor-advisory", "x_refsource_SUNALERT", 
"x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1", }, { name: "22446", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22446", }, { name: "22939", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22939", }, { name: "24099", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24099", }, { name: "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/445822/100/0/threaded", }, { name: "25284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25284", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "1016791", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016791", }, { name: "25649", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25649", }, { name: "ADV-2010-0366", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0366", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22671", }, { name: "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html", 
}, { name: "102722", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1", }, { name: "21785", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21785", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4329", }, { name: "DSA-1173", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.us.debian.org/security/2006/dsa-1173", }, { name: "38567", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38567", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "MDKSA-2006:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161", }, { name: "21778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21778", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "102696", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", 
], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1", }, { name: "APPLE-SA-2007-12-14", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html", }, { name: "ADV-2007-2163", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2163", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", }, { name: "102656", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1", }, { name: "SUSE-SA:2007:010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "20060901-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "21982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2137.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-616", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2127.html", }, { name: "GLSA-200610-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml", }, { name: "DSA-1174", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1174", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23155", }, { name: "1000148", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openoffice.org/security/cves/CVE-2006-4339.html", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22799", }, { name: "ADV-2006-4207", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4207", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: 
[ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.sybase.com/detail?id=1047991", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "21873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21873", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "RHSA-2007:0072", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0072.html", }, { name: "JVNDB-2012-000079", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "ADV-2006-4744", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4744", }, { name: "38568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38568", }, { name: "21846", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21846", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "HPSBUX02219", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495", }, { name: "ADV-2007-0254", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0254", }, { name: "SSRT061266", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/450327/100/0/threaded", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742", }, { name: "ADV-2007-4224", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4224", }, { name: "22161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22161", }, { name: "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22937", }, { name: "22325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22325", }, { name: "102648", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.opera.com/support/search/supsearch.dml?index=845", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "21767", 
tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21767", }, { name: "ADV-2007-1815", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1815", }, { name: "22232", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22232", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "21906", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21906", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742", }, { name: "22934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22934", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "RHSA-2007:0073", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0073.html", }, { name: "22585", tags: [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred", ], url: "http://secunia.com/advisories/22585", }, { name: "25399", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25399", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "201247", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1", }, { name: "openssl-rsa-security-bypass(28755)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755", }, { name: "22513", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22513", }, { name: "41818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41818", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2128.html", }, { name: "oval:org.mitre.oval:def:11656", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "21776", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21776", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "FreeBSD-SA-06:19", tags: [ "vendor-advisory", "x_refsource_FREEBSD", 
"x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc", }, { name: "23455", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23455", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "28115", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28115", }, { name: "22226", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22226", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22066", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22066", }, { name: "22936", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22936", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "OpenPKG-SA-2006.018", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "22545", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22545", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred", ], url: "http://securitytracker.com/id?1017522", }, { name: "22948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22948", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "23841", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23841", }, { name: "ADV-2006-4205", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4205", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22259", }, { name: "22036", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22036", }, { name: "200708", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1", }, { name: "ADV-2006-4586", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4586", }, { name: "21927", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21927", }, { name: "SUSE-SA:2006:055", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_55_ssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "ADV-2006-5146", tags: [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/5146", }, { name: "21870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21870", }, { name: "ADV-2006-4216", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4216", }, { name: "ADV-2006-3793", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3793", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "21709", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21709", }, { name: "VU#845620", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/845620", }, { name: "SSA:2006-257-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306", }, { name: "GLSA-200609-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200609-18.xml", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "102686", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24950", }, { name: "19849", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/19849", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { 
product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-08-27T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "SSRT061273", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495", }, { name: "ADV-2006-3453", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3453", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23915", }, { name: "201534", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "JVN#51615542", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: 
"http://jvn.jp/en/jp/JVN51615542/index.html", }, { tags: [ "x_refsource_MISC", ], url: "http://docs.info.apple.com/article.html?artnum=307177", }, { name: "60799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60799", }, { name: "28549", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/28549", }, { name: "ADV-2006-4366", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4366", }, { name: "22932", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22932", }, { name: "ADV-2006-3748", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3748", }, { name: "21791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21791", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html", }, { name: "GLSA-201408-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26893", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20060905.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "22509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22509", }, { name: "MDKSA-2006:207", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:207", }, { name: "RHSA-2006:0661", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0661.html", }, { name: "SUSE-SA:2006:061", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://www.novell.com/linux/security/advisories/2006_61_opera.html", }, { name: "21930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21930", }, { name: "22940", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22940", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "21852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21852", }, { name: "BEA07-169.00", tags: [ "vendor-advisory", "x_refsource_BEA", ], url: "http://dev2dev.bea.com/pub/advisory/238", }, { name: "21823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21823", }, { name: "102657", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22758", }, { name: "22938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22938", }, { name: "ADV-2006-3899", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3899", }, { name: "22044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22044", }, { name: "ADV-2007-1945", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1945", }, { name: "RHSA-2007:0062", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0062.html", }, { name: "OpenPKG-SA-2006.029", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html", }, { name: "ADV-2006-4206", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: 
"http://www.vupen.com/english/advisories/2006/4206", }, { name: "ADV-2006-3730", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3730", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "21812", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21812", }, { name: "22523", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22523", }, { name: "HPSBUX02165", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/450327/100/0/threaded", }, { name: "22689", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22689", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "102759", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1", }, { name: "GLSA-200609-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200609-05.xml", }, { name: "22711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22711", }, { name: "20060905 rPSA-2006-0163-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/445231/100/0/threaded", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openvpn.net/changelog.html", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "[3.9] 20060908 011: SECURITY FIX: September 8, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://www.openbsd.org/errata.html", }, { name: "22733", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22733", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "22949", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22949", }, { name: "SSA:2006-310-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955", }, { name: "USN-339-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-339-1", }, { name: "ADV-2006-3566", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3566", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf", }, { name: "SUSE-SR:2006:026", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_26_sr.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "102744", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1", }, { name: "22446", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22446", }, { name: "22939", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22939", }, { name: "24099", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24099", }, { name: "20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, 
AMD64 x86 emulation base libraries: RSA signature forgery", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/445822/100/0/threaded", }, { name: "25284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25284", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "1016791", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016791", }, { name: "25649", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25649", }, { name: "ADV-2010-0366", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0366", }, { name: "22671", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22671", }, { name: "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html", }, { name: "102722", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1", }, { name: "21785", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21785", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2006-4329", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4329", }, { name: "DSA-1173", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: 
"http://www.us.debian.org/security/2006/dsa-1173", }, { name: "38567", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38567", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24930", }, { name: "ADV-2006-4327", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4327", }, { name: "MDKSA-2006:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:161", }, { name: "21778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21778", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "102696", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1", }, { name: "APPLE-SA-2007-12-14", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html", }, { name: "ADV-2007-2163", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2163", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", }, { name: "102656", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1", }, { name: "SUSE-SA:2007:010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "20060901-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "21982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21982", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2137.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-616", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2127.html", }, { name: "GLSA-200610-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml", }, { name: "DSA-1174", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1174", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23155", }, { name: "1000148", tags: [ "vendor-advisory", 
"x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openoffice.org/security/cves/CVE-2006-4339.html", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22799", }, { name: "ADV-2006-4207", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4207", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.sybase.com/detail?id=1047991", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "21873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21873", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "RHSA-2007:0072", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0072.html", }, { name: "JVNDB-2012-000079", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "ADV-2006-4744", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4744", }, { name: "38568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38568", }, { name: "21846", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21846", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "HPSBUX02219", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495", }, { name: "ADV-2007-0254", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0254", }, { name: "SSRT061266", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/450327/100/0/threaded", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742", }, { name: "ADV-2007-4224", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4224", }, { name: "22161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22161", }, { name: "[bind-announce] 20061103 Internet Systems Consortium Security Advisory. 
[revised]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=bind-announce&m=116253119512445&w=2", }, { name: "22937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22937", }, { name: "22325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22325", }, { name: "102648", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.opera.com/support/search/supsearch.dml?index=845", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "21767", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21767", }, { name: "ADV-2007-1815", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1815", }, { name: "22232", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22232", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "21906", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21906", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical 
security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742", }, { name: "22934", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22934", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "RHSA-2007:0073", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0073.html", }, { name: "22585", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22585", }, { name: "25399", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25399", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "201247", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1", }, { name: "openssl-rsa-security-bypass(28755)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28755", }, { name: "22513", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22513", }, { name: "41818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41818", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2128.html", }, { name: "oval:org.mitre.oval:def:11656", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "21776", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21776", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "FreeBSD-SA-06:19", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc", }, { name: "23455", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23455", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "28115", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28115", }, { name: "22226", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22226", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22066", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22066", }, { name: "22936", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22936", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "OpenPKG-SA-2006.018", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html", }, { name: 
"MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "22545", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22545", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017522", }, { name: "22948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22948", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "23841", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23841", }, { name: "ADV-2006-4205", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4205", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22259", }, { name: "22036", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22036", }, { name: "200708", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1", }, { name: "ADV-2006-4586", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4586", }, { name: "21927", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21927", }, { name: "SUSE-SA:2006:055", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_55_ssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "ADV-2006-5146", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/5146", }, { name: "21870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21870", }, { name: "ADV-2006-4216", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4216", }, { name: "ADV-2006-3793", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3793", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "21709", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21709", }, { name: "VU#845620", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/845620", }, { name: "SSA:2006-257-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306", }, { name: "GLSA-200609-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200609-18.xml", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "102686", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24950", }, { name: "19849", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/19849", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-4339", datePublished: 
"2006-09-05T17:00:00", dateReserved: "2006-08-24T00:00:00", dateUpdated: "2024-08-07T19:06:07.378Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2008-1672 (GCVE-0-2008-1672)
Vulnerability from cvelistv5
Published
2008-05-29 16:00
Modified
2024-08-07 08:32
Summary
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:32:01.259Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html", }, { name: "SSA:2008-210-08", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004", }, { name: "30852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30852", }, { name: "FEDORA-2008-4723", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html", }, { name: "openssl-serverkey-dos(42667)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42667", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400", }, { name: "30460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30460", }, { name: "30825", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30825", }, { name: "ADV-2008-1680", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1680", }, { name: "20080602 rPSA-2008-0181-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/492932/100/0/threaded", }, { name: "USN-620-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-620-1", }, { name: "30868", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/30868", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20080528.txt", }, { name: "GLSA-200806-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200806-08.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=615606", }, { name: "31288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31288", }, { name: "30405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30405", }, { name: "29405", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29405", }, { name: "1020122", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020122", }, { name: "ADV-2008-1937", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1937/references", }, { name: "31228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31228", }, { name: "MDVSA-2008:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107", }, { name: "VU#520586", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/520586", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-05-28T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular 
cipher suites,\" which triggers a NULL pointer dereference.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html", }, { name: "SSA:2008-210-08", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004", }, { name: "30852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30852", }, { name: "FEDORA-2008-4723", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html", }, { name: "openssl-serverkey-dos(42667)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42667", }, { tags: [ "x_refsource_MISC", ], url: "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400", }, { name: "30460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30460", }, { name: "30825", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30825", }, { name: "ADV-2008-1680", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1680", }, { name: "20080602 rPSA-2008-0181-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/492932/100/0/threaded", }, { name: "USN-620-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-620-1", }, { name: "30868", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30868", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.openssl.org/news/secadv_20080528.txt", }, { name: "GLSA-200806-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200806-08.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=615606", }, { name: "31288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31288", }, { name: "30405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30405", }, { name: "29405", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29405", }, { name: "1020122", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020122", }, { name: "ADV-2008-1937", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1937/references", }, { name: "31228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31228", }, { name: "MDVSA-2008:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107", }, { name: "VU#520586", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/520586", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-1672", datePublished: "2008-05-29T16:00:00", dateReserved: "2008-04-03T00:00:00", dateUpdated: "2024-08-07T08:32:01.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2007-3108 (GCVE-0-2007-3108)
Vulnerability from cvelistv5
Published
2007-08-08 01:11
Modified
2024-08-07 14:05
Summary
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:05:28.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/RGII-74KLP3", }, { name: "VU#724968", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/724968", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26893", }, { name: "DSA-1571", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1571", }, { name: "27205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27205", }, { name: "20070813 FLEA-2007-0043-1 openssl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/476341/100/0/threaded", }, { name: "27097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27097", }, { name: "ADV-2008-2362", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2362", }, { name: "ADV-2007-2759", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2759", }, { name: "oval:org.mitre.oval:def:9984", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984", }, { name: "31489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31489", }, { name: "RHSA-2007:1003", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-1003.html", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31531", }, { name: "MDKSA-2007:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability", }, { name: "30220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30220", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "ADV-2007-4010", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4010", }, { name: "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/485936/100/0/threaded", }, { name: "27770", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27770", }, { name: "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000002.html", }, { name: "26411", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26411", }, { name: "USN-522-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/522-1/", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://openssl.org/news/patch-CVE-2007-3108.txt", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31467", }, { name: "RHSA-2007:0964", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0964.html", }, { name: "27870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27870", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "27330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27330", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30161", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "28368", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", }, { name: "27078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27078", }, { name: "GLSA-200710-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200710-06.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], 
url: "http://cvs.openssl.org/chngview?cn=16275", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1613", }, { name: "RHSA-2007:0813", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0813.html", }, { name: "25163", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25163", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", }, { name: "ADV-2008-0064", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0064", }, { name: "27021", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27021", }, { name: "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/486859/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-08-01T00:00:00", descriptions: [ { lang: "en", value: "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.attachmate.com/techdocs/2374.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.kb.cert.org/vuls/id/RGII-74KLP3", }, { name: "VU#724968", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/724968", }, { name: "26893", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26893", }, { name: "DSA-1571", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1571", }, { name: "27205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27205", }, { name: "20070813 FLEA-2007-0043-1 openssl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/476341/100/0/threaded", }, { name: "27097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27097", }, { name: "ADV-2008-2362", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2362", }, { name: "ADV-2007-2759", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2759", }, { name: "oval:org.mitre.oval:def:9984", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984", }, { name: "31489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31489", }, { name: "RHSA-2007:1003", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-1003.html", }, { name: "31531", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31531", }, { name: "MDKSA-2007:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability", }, { 
name: "30220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30220", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1633", }, { name: "ADV-2007-4010", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4010", }, { name: "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/485936/100/0/threaded", }, { name: "27770", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27770", }, { name: "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000002.html", }, { name: "26411", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26411", }, { name: "USN-522-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/522-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openssl.org/news/patch-CVE-2007-3108.txt", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31467", }, { name: "RHSA-2007:0964", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0964.html", }, { name: "27870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27870", }, { name: "ADV-2008-2396", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2396", }, { name: "27330", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27330", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30161", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "28368", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28368", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", }, { name: "27078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27078", }, { name: "GLSA-200710-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200710-06.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://cvs.openssl.org/chngview?cn=16275", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1613", }, { name: "RHSA-2007:0813", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0813.html", }, { name: "25163", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25163", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", }, { name: "ADV-2008-0064", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0064", }, { name: "27021", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27021", }, { name: "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: 
"http://www.securityfocus.com/archive/1/486859/100/0/threaded", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2007-3108", datePublished: "2007-08-08T01:11:00", dateReserved: "2007-06-07T00:00:00", dateUpdated: "2024-08-07T14:05:28.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2007-5135 (GCVE-0-2007-5135)
Vulnerability from cvelistv5
Published
2007-09-27 20:00
Modified
2024-08-07 15:17
Summary
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:17:28.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=194039", }, { name: "HPSBUX02292", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: "oval:org.mitre.oval:def:5337", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337", }, { name: "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/481217/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241", }, { name: "27205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27205", }, { name: "27097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27097", }, { name: "ADV-2008-2362", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2362", }, { name: "1018755", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018755", }, { name: "31489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31489", }, { name: "APPLE-SA-2008-07-31", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html", }, { name: "FEDORA-2007-725", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html", }, { name: "RHSA-2007:1003", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-1003.html", }, { name: "29242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29242", }, { name: "MDKSA-2007:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1770", }, { name: "27186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27186", }, { name: "27851", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27851", }, { name: "ADV-2008-2268", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2268", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30124", }, { name: "SUSE-SR:2008:005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "27394", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27394", }, { name: "[4.1] 011: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://www.openbsd.org/errata41.html", }, { name: "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/481506/100/0/threaded", }, { name: "oval:org.mitre.oval:def:10904", tags: [ 
"vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904", }, { name: "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/485936/100/0/threaded", }, { name: "31308", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31308", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22130", }, { name: "27031", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27031", }, { name: "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000002.html", }, { name: "ADV-2007-3625", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3625", }, { name: "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/480855/100/0/threaded", }, { name: "FreeBSD-SA-07:08", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc", }, { name: "USN-522-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/522-1/", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "27217", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27217", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31467", }, { name: "27961", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27961", }, { name: "RHSA-2007:0964", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0964.html", }, { name: "27870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27870", }, { name: "25831", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25831", }, { name: "DSA-1379", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1379", }, { name: "ADV-2007-4042", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4042", }, { name: "20071003 FLEA-2007-0058-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/481488/100/0/threaded", }, { name: "27330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30161", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "28368", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28368", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1769", }, { name: "27012", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27012", }, { name: "3179", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3179", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", }, { name: "27229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27229", }, { name: "27051", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27051", }, { name: "31326", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31326", }, { name: "27078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27078", }, { name: "GLSA-200710-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200710-06.xml", }, { name: "SSRT071499", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.openssl.org/news/secadv_20071012.txt", }, { name: "200858", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1", }, { name: "[4.0] 017: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://www.openbsd.org/errata40.html", }, { name: "[4.2] 002: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://www.openbsd.org/errata42.html", }, { name: "openssl-sslgetshared-bo(36837)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837", }, { name: "RHSA-2007:0813", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0813.html", }, { name: "SUSE-SR:2007:020", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_20_sr.html", }, { name: "ADV-2007-3325", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3325", }, { name: "ADV-2007-4144", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", }, { name: "ADV-2008-0064", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0064", }, { name: "27021", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27021", }, { name: "103130", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1", }, { name: "20080123 UPDATED VMSA-2008-0001.1 Moderate 
OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/486859/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-09-27T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=194039", }, { name: "HPSBUX02292", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: "oval:org.mitre.oval:def:5337", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337", }, { name: "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/481217/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241", }, { name: "27205", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27205", }, { name: "27097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], 
url: "http://secunia.com/advisories/27097", }, { name: "ADV-2008-2362", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2362", }, { name: "1018755", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018755", }, { name: "31489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31489", }, { name: "APPLE-SA-2008-07-31", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html", }, { name: "FEDORA-2007-725", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html", }, { name: "RHSA-2007:1003", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-1003.html", }, { name: "29242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29242", }, { name: "MDKSA-2007:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1770", }, { name: "27186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27186", }, { name: "27851", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27851", }, { name: "ADV-2008-2268", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2268", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30124", }, { name: "SUSE-SR:2008:005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "27394", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27394", }, { name: "[4.1] 011: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://www.openbsd.org/errata41.html", }, { name: "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/481506/100/0/threaded", }, { name: "oval:org.mitre.oval:def:10904", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904", }, { name: "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/485936/100/0/threaded", }, { name: "31308", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31308", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22130", }, { name: "27031", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27031", }, { name: "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000002.html", }, { name: "ADV-2007-3625", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3625", }, { name: "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/480855/100/0/threaded", }, { name: "FreeBSD-SA-07:08", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: 
"http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc", }, { name: "USN-522-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/522-1/", }, { name: "ADV-2008-2361", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "27217", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27217", }, { name: "31467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31467", }, { name: "27961", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27961", }, { name: "RHSA-2007:0964", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0964.html", }, { name: "27870", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27870", }, { name: "25831", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25831", }, { name: "DSA-1379", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1379", }, { name: "ADV-2007-4042", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4042", }, { name: "20071003 FLEA-2007-0058-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/481488/100/0/threaded", }, { name: "27330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30161", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "28368", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28368", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1769", }, { name: "27012", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27012", }, { name: "3179", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3179", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", }, { name: "27229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27229", }, { name: "27051", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27051", }, { name: "31326", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31326", }, { name: "27078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27078", }, { name: "GLSA-200710-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200710-06.xml", }, { name: "SSRT071499", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20071012.txt", }, { name: "200858", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: 
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1", }, { name: "[4.0] 017: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://www.openbsd.org/errata40.html", }, { name: "[4.2] 002: SECURITY FIX: October 10, 2007", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://www.openbsd.org/errata42.html", }, { name: "openssl-sslgetshared-bo(36837)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837", }, { name: "RHSA-2007:0813", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0813.html", }, { name: "SUSE-SR:2007:020", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_20_sr.html", }, { name: "ADV-2007-3325", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3325", }, { name: "ADV-2007-4144", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", }, { name: "ADV-2008-0064", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0064", }, { name: "27021", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27021", }, { name: "103130", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1", }, { name: "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/486859/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-5135", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.gentoo.org/show_bug.cgi?id=194039", refsource: "MISC", url: "https://bugs.gentoo.org/show_bug.cgi?id=194039", }, { name: "HPSBUX02292", refsource: "HP", url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: "oval:org.mitre.oval:def:5337", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337", }, { name: "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/481217/100/0/threaded", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241", }, { name: "27205", refsource: "SECUNIA", url: "http://secunia.com/advisories/27205", }, { name: "27097", refsource: "SECUNIA", url: "http://secunia.com/advisories/27097", }, { name: "ADV-2008-2362", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2362", }, { name: "1018755", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1018755", }, { name: "31489", refsource: "SECUNIA", url: "http://secunia.com/advisories/31489", }, { name: 
"APPLE-SA-2008-07-31", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html", }, { name: "FEDORA-2007-725", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html", }, { name: "RHSA-2007:1003", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-1003.html", }, { name: "29242", refsource: "SECUNIA", url: "http://secunia.com/advisories/29242", }, { name: "MDKSA-2007:193", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193", }, { name: "https://issues.rpath.com/browse/RPL-1770", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-1770", }, { name: "27186", refsource: "SECUNIA", url: "http://secunia.com/advisories/27186", }, { name: "27851", refsource: "SECUNIA", url: "http://secunia.com/advisories/27851", }, { name: "ADV-2008-2268", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2268", }, { name: "30124", refsource: "SECUNIA", url: "http://secunia.com/advisories/30124", }, { name: "SUSE-SR:2008:005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "27394", refsource: "SECUNIA", url: "http://secunia.com/advisories/27394", }, { name: "[4.1] 011: SECURITY FIX: October 10, 2007", refsource: "OPENBSD", url: "http://www.openbsd.org/errata41.html", }, { name: "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/481506/100/0/threaded", }, { name: "oval:org.mitre.oval:def:10904", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904", }, { name: "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/485936/100/0/threaded", }, { name: 
"31308", refsource: "SECUNIA", url: "http://secunia.com/advisories/31308", }, { name: "22130", refsource: "SECUNIA", url: "http://secunia.com/advisories/22130", }, { name: "27031", refsource: "SECUNIA", url: "http://secunia.com/advisories/27031", }, { name: "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", refsource: "MLIST", url: "http://lists.vmware.com/pipermail/security-announce/2008/000002.html", }, { name: "ADV-2007-3625", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3625", }, { name: "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/480855/100/0/threaded", }, { name: "FreeBSD-SA-07:08", refsource: "FREEBSD", url: "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc", }, { name: "USN-522-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/522-1/", }, { name: "ADV-2008-2361", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2361", }, { name: "27217", refsource: "SECUNIA", url: "http://secunia.com/advisories/27217", }, { name: "31467", refsource: "SECUNIA", url: "http://secunia.com/advisories/31467", }, { name: "27961", refsource: "SECUNIA", url: "http://secunia.com/advisories/27961", }, { name: "RHSA-2007:0964", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0964.html", }, { name: "27870", refsource: "SECUNIA", url: "http://secunia.com/advisories/27870", }, { name: "25831", refsource: "BID", url: "http://www.securityfocus.com/bid/25831", }, { name: "DSA-1379", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1379", }, { name: "ADV-2007-4042", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/4042", }, { name: "20071003 FLEA-2007-0058-1 openssl openssl-scripts", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/481488/100/0/threaded", }, { 
name: "27330", refsource: "SECUNIA", url: "http://secunia.com/advisories/27330", }, { name: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038", refsource: "CONFIRM", url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038", }, { name: "30161", refsource: "SECUNIA", url: "http://secunia.com/advisories/30161", }, { name: "GLSA-200805-07", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { name: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037", refsource: "CONFIRM", url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037", }, { name: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", }, { name: "28368", refsource: "SECUNIA", url: "http://secunia.com/advisories/28368", }, { name: "https://issues.rpath.com/browse/RPL-1769", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-1769", }, { name: "27012", refsource: "SECUNIA", url: "http://secunia.com/advisories/27012", }, { name: "3179", refsource: "SREASON", url: "http://securityreason.com/securityalert/3179", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", }, { name: "27229", refsource: "SECUNIA", url: "http://secunia.com/advisories/27229", }, { name: "27051", refsource: "SECUNIA", url: "http://secunia.com/advisories/27051", }, { name: "31326", refsource: "SECUNIA", url: "http://secunia.com/advisories/31326", }, { name: "27078", refsource: "SECUNIA", url: "http://secunia.com/advisories/27078", }, { name: "GLSA-200710-06", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200710-06.xml", }, { name: "SSRT071499", refsource: "HP", url: "http://www.securityfocus.com/archive/1/484353/100/0/threaded", }, { name: 
"NetBSD-SA2008-007", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { name: "http://www.openssl.org/news/secadv_20071012.txt", refsource: "CONFIRM", url: "http://www.openssl.org/news/secadv_20071012.txt", }, { name: "200858", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1", }, { name: "[4.0] 017: SECURITY FIX: October 10, 2007", refsource: "OPENBSD", url: "http://www.openbsd.org/errata40.html", }, { name: "[4.2] 002: SECURITY FIX: October 10, 2007", refsource: "OPENBSD", url: "http://www.openbsd.org/errata42.html", }, { name: "openssl-sslgetshared-bo(36837)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837", }, { name: "RHSA-2007:0813", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0813.html", }, { name: "SUSE-SR:2007:020", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2007_20_sr.html", }, { name: "ADV-2007-3325", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3325", }, { name: "ADV-2007-4144", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/4144", }, { name: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", }, { name: "ADV-2008-0064", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0064", }, { name: "27021", refsource: "SECUNIA", url: "http://secunia.com/advisories/27021", }, { name: "103130", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1", }, { name: "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/486859/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-5135", datePublished: "2007-09-27T20:00:00", dateReserved: "2007-09-27T00:00:00", dateUpdated: "2024-08-07T15:17:28.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-3731 (GCVE-0-2017-3731)
Vulnerability from cvelistv5
Published
2017-05-04 19:00
Modified
2024-09-16 22:40
Summary
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Impacted products
Vendor | Product | Version
---|---|---
OpenSSL | OpenSSL | openssl-1.1.0, openssl-1.1.0a, openssl-1.1.0b, openssl-1.1.0c, openssl-1.0.2, openssl-1.0.2a, openssl-1.0.2b, openssl-1.0.2c, openssl-1.0.2d, openssl-1.0.2e, openssl-1.0.2f, openssl-1.0.2g, openssl-1.0.2h, openssl-1.0.2i, openssl-1.0.2j
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:39:40.936Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20171019-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "95813", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95813", }, { name: "RHSA-2017:0286", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037717", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2017-04", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://source.android.com/security/bulletin/pixel/2017-11-01", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-07", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3773", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2017-3731", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "openssl-1.1.0", }, { status: "affected", version: "openssl-1.1.0a", }, { status: "affected", version: "openssl-1.1.0b", }, { status: "affected", version: "openssl-1.1.0c", }, { status: "affected", version: "openssl-1.0.2", }, { status: "affected", version: "openssl-1.0.2a", }, { status: "affected", version: "openssl-1.0.2b", }, { status: "affected", version: "openssl-1.0.2c", }, { status: "affected", version: "openssl-1.0.2d", }, { status: "affected", version: "openssl-1.0.2e", }, { status: "affected", version: "openssl-1.0.2f", }, { status: "affected", version: "openssl-1.0.2g", }, { status: "affected", version: "openssl-1.0.2h", }, { status: "affected", version: "openssl-1.0.2i", }, { status: "affected", version: "openssl-1.0.2j", }, ], }, ], credits: [ { lang: "en", value: "Robert Święcki of Google", }, ], datePublic: "2017-01-26T00:00:00", 
descriptions: [ { lang: "en", value: "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "out-of-bounds read", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-17T16:03:45", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20171019-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "95813", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95813", }, { name: "RHSA-2017:0286", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { name: "FreeBSD-SA-17:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: 
"http://www.securitytracker.com/id/1037717", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2017-04", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://source.android.com/security/bulletin/pixel/2017-11-01", }, { name: "GLSA-201702-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-07", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3773", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.paloaltonetworks.com/CVE-2017-3731", }, ], title: "Truncated packet could crash via OOB read", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2017-01-26", ID: "CVE-2017-3731", STATE: "PUBLIC", TITLE: "Truncated packet could crash via OOB read", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "openssl-1.1.0", }, { version_value: "openssl-1.1.0a", }, { version_value: "openssl-1.1.0b", }, { version_value: "openssl-1.1.0c", }, { version_value: "openssl-1.0.2", }, { version_value: "openssl-1.0.2a", }, { version_value: 
"openssl-1.0.2b", }, { version_value: "openssl-1.0.2c", }, { version_value: "openssl-1.0.2d", }, { version_value: "openssl-1.0.2e", }, { version_value: "openssl-1.0.2f", }, { version_value: "openssl-1.0.2g", }, { version_value: "openssl-1.0.2h", }, { version_value: "openssl-1.0.2i", }, { version_value: "openssl-1.0.2j", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Robert Święcki of Google", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "out-of-bounds read", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2185", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "https://security.netapp.com/advisory/ntap-20171019-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20171019-0002/", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "95813", refsource: "BID", url: "http://www.securityfocus.com/bid/95813", }, { name: "RHSA-2017:0286", refsource: "REDHAT", url: 
"http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { name: "FreeBSD-SA-17:02", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc", }, { name: "https://www.openssl.org/news/secadv/20170126.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20170126.txt", }, { name: "1037717", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037717", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://www.tenable.com/security/tns-2017-04", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2017-04", }, { name: "https://source.android.com/security/bulletin/pixel/2017-11-01", refsource: "CONFIRM", url: "https://source.android.com/security/bulletin/pixel/2017-11-01", }, { name: "GLSA-201702-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-07", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "DSA-3773", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3773", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", }, { name: "RHSA-2018:2187", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { name: "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21", refsource: "MISC", url: "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://security.paloaltonetworks.com/CVE-2017-3731", refsource: "CONFIRM", url: "https://security.paloaltonetworks.com/CVE-2017-3731", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2017-3731", datePublished: "2017-05-04T19:00:00Z", dateReserved: "2016-12-16T00:00:00", dateUpdated: "2024-09-16T22:40:54.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-3738 (GCVE-0-2006-3738)
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 18:39
Summary
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T18:39:54.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22212", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23915", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: 
"http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "VU#547300", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/547300", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23340", }, { name: "ADV-2006-4314", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4314", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://openvpn.net/changelog.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/25889", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://openbsd.org/errata.html#openssl2", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22626", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "oval:org.mitre.oval:def:9370", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22298", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/31492", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24930", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "oval:org.mitre.oval:def:4256", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "openssl-sslgetsharedciphers-bo(29237)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23280", }, { name: 
"20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22193", }, { name: "29262", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/29262", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22799", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "20249", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20249", }, { name: "ADV-2006-4443", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4443", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30161", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22186", }, { name: "22633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: 
"http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { name: "22654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22654", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "102711", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", 
"x_transferred", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", 
tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "20070602 Recent OpenSSL exploits", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/470460/100/0/threaded", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22460", }, { name: "22791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22791", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "FreeBSD-SA-06:23", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24950", }, { name: "201531", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: 
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-09-28T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22212", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23915", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], 
url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "VU#547300", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/547300", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23340", }, { name: "ADV-2006-4314", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4314", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openvpn.net/changelog.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25889", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://openbsd.org/errata.html#openssl2", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30124", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22626", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "oval:org.mitre.oval:def:9370", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22298", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22130", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31492", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22284", }, { name: "24930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24930", }, { name: 
"RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { name: "oval:org.mitre.oval:def:4256", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "openssl-sslgetsharedciphers-bo(29237)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: 
"http://www.vupen.com/english/advisories/2006/4264", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22193", }, { name: "29262", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/29262", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22799", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "20249", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20249", }, { name: "ADV-2006-4443", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4443", }, { name: "30161", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30161", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "GLSA-200805-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22186", }, { name: "22633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "ADV-2007-2315", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2315", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { name: "22654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22654", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: 
"http://www.vupen.com/english/advisories/2007/1401", }, { name: "102711", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", 
"x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "20070602 Recent OpenSSL exploits", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/470460/100/0/threaded", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22460", }, { name: "22791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22791", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "FreeBSD-SA-06:23", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", 
tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24950", }, { name: "201531", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-3738", datePublished: "2006-09-28T18:00:00", dateReserved: "2006-07-20T00:00:00", dateUpdated: "2024-08-07T18:39:54.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-4343 (GCVE-0-2006-4343)
Vulnerability from cvelistv5
Published
2006-09-28 18:00
Modified
2024-08-07 19:06
Summary
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T19:06:07.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22212", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "4773", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/4773", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23915", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "openssl-sslv2-client-dos(29240)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: 
"22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23680", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25889", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30124", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ingate.com/relnote-452.php", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22626", }, { name: "29263", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/29263", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22130", }, { name: "25420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25420", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2007-1973", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1973", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22284", }, { name: "oval:org.mitre.oval:def:4356", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "oval:org.mitre.oval:def:10207", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/22799", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "VU#386964", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/386964", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "ADV-2006-4443", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4443", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "102711", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { 
name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22460", }, { name: "22791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22791", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: 
"http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20246", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20246", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: "24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24950", }, { name: "201531", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-09-28T00:00:00", descriptions: [ { lang: "en", value: "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2006:172", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:172", }, { name: "22212", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/22212", }, { name: "ADV-2006-4750", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4750", }, { name: "4773", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/4773", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", }, { name: "23915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23915", }, { name: "HPSBMA02250", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "1016943", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016943", }, { name: "23038", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23038", }, { name: "2006-0054", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2006/0054", }, { name: "openssl-sslv2-client-dos(29240)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240", }, { name: "DSA-1195", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1195", }, { name: "23309", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23309", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", }, { name: "ADV-2006-4401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4401", }, { name: "USN-353-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-353-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", }, { name: "22116", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22116", }, { name: "SSRT071304", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm", }, { name: "GLSA-200612-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml", }, { name: "22166", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22166", }, { name: "RHSA-2006:0695", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0695.html", }, { name: "23340", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23340", }, { name: "22385", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22385", }, { name: "SUSE-SR:2006:024", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_24_sr.html", }, { name: "22758", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22758", }, { name: "22487", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22487", }, { name: "SUSE-SA:2006:058", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_58_openssl.html", }, { name: "22772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22772", }, { name: "SSRT071299", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "FreeBSD-SA-06:23.openssl", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc", }, { name: "22165", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22165", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=304829", }, { name: "20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html", }, { name: "23794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23794", }, { name: "SSRT090208", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { name: "22220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22220", }, { name: "23680", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openvpn.net/changelog.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/server/doc/releasenotes_server.html", }, { name: "25889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25889", }, { name: "ADV-2006-4036", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4036", }, { name: "[3.9] 20061007 013: SECURITY FIX: October 7, 2006", tags: [ "vendor-advisory", "x_refsource_OPENBSD", ], url: "http://openbsd.org/errata.html#openssl2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", }, { name: "30124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30124", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ingate.com/relnote-452.php", }, { name: "22626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22626", }, { name: "29263", tags: [ "vdb-entry", 
"x_refsource_OSVDB", ], url: "http://www.osvdb.org/29263", }, { name: "22083", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22083", }, { name: "MDKSA-2006:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:178", }, { name: "ADV-2006-3869", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3869", }, { name: "22544", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22544", }, { name: "22298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22298", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", }, { name: "22130", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22130", }, { name: "25420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25420", }, { name: "31492", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31492", }, { name: "ADV-2007-1973", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1973", }, { name: "22284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22284", }, { name: "oval:org.mitre.oval:def:4356", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356", }, { name: "RHSA-2008:0629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0629.html", }, { name: "GLSA-200610-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200610-11.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://issues.rpath.com/browse/RPL-613", }, { name: "26329", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26329", }, { name: "22260", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22260", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf", }, { name: "ADV-2007-0343", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0343", }, { name: "ADV-2006-3860", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3860", }, { name: "23280", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23280", }, { name: "20060928 rPSA-2006-0175-1 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447318/100/0/threaded", }, { name: "oval:org.mitre.oval:def:10207", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207", }, { name: "SSRT061213", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/player/doc/releasenotes_player.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm", }, { name: "ADV-2006-4264", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4264", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", }, { name: "22193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22193", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", }, { name: "23155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23155", }, { name: "22799", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22799", }, { name: "SSA:2006-272-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946", }, { name: "ADV-2006-4417", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4417", }, { name: "VU#386964", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/386964", }, { name: "HPSBUX02186", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540", }, { name: "HPSBOV02683", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.serv-u.com/releasenotes/", }, { name: "ADV-2006-4443", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4443", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", }, { name: "22094", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22094", }, { name: "22186", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22186", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20060928.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kolab.org/security/kolab-vendor-notice-11.txt", }, { name: "22500", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], 
url: "http://secunia.com/advisories/22500", }, { name: "APPLE-SA-2006-11-28", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html", }, { name: "TA06-333A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-333A.html", }, { name: "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489739/100/0/threaded", }, { name: "22216", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22216", }, { name: "ADV-2006-3820", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3820", }, { name: "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", }, { name: "HPSBUX02174", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "OpenPKG-SA-2006.021", tags: [ "vendor-advisory", "x_refsource_OPENPKG", ], url: "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", }, { name: "ADV-2008-0905", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0905/references", }, { name: "ADV-2007-1401", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1401", }, { name: "102711", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1", }, { name: "NetBSD-SA2008-007", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", }, { name: "SSRT061275", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771", }, { name: "20070110 VMware ESX server security updates", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456546/100/200/threaded", }, { name: "20060929 rPSA-2006-0175-2 openssl openssl-scripts", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447393/100/0/threaded", }, { name: "ADV-2006-3936", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3936", }, { name: "22240", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22240", }, { name: "22330", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", }, { name: "HPSBTU02207", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144", }, { name: "DSA-1185", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1185", }, { name: "20061001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", }, { name: "22207", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22207", }, { name: "MDKSA-2006:177", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:177", }, { name: "1017522", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017522", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL Library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html", }, { name: "ADV-2006-3902", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3902", }, { name: "ADV-2007-2783", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2783", }, { name: "22259", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22259", }, { name: "22460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22460", }, { name: "22791", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22791", }, { name: "22172", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", }, { name: "SSRT061239", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100", }, { name: "28276", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28276", }, { name: "102668", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1", }, { name: "20246", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20246", }, { name: "20061108 Multiple Vulnerabilities in OpenSSL library", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml", }, { name: 
"24950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24950", }, { name: "201531", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-4343", datePublished: "2006-09-28T18:00:00", dateReserved: "2006-08-24T00:00:00", dateUpdated: "2024-08-07T19:06:07.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2008-0891 (GCVE-0-2008-0891)
Vulnerability from cvelistv5
Published
2008-05-29 16:00
Modified
2024-08-07 08:01
Summary
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:01:40.084Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html", }, { name: "SSA:2008-210-08", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004", }, { name: "30852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30852", }, { name: "FEDORA-2008-4723", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400", }, { name: "openssl-servername-dos(42666)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666", }, { name: "30460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30460", }, { name: "30825", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30825", }, { name: "ADV-2008-1680", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1680", }, { name: "1020121", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020121", }, { name: "USN-620-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-620-1", }, { name: "30868", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30868", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://www.openssl.org/news/secadv_20080528.txt", }, { name: "GLSA-200806-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200806-08.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=615606", }, { name: "31288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31288", }, { name: "30405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30405", }, { name: "29405", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29405", }, { name: "ADV-2008-1937", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1937/references", }, { name: "31228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31228", }, { name: "MDVSA-2008:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107", }, { name: "VU#661475", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/661475", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-05-28T00:00:00", descriptions: [ { lang: "en", value: "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. 
NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html", }, { name: "SSA:2008-210-08", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004", }, { name: "30852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30852", }, { name: "FEDORA-2008-4723", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html", }, { tags: [ "x_refsource_MISC", ], url: "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400", }, { name: "openssl-servername-dos(42666)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666", }, { name: "30460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30460", }, { name: "30825", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30825", }, { name: "ADV-2008-1680", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1680", }, { name: "1020121", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020121", }, { name: "USN-620-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-620-1", }, { name: "30868", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30868", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20080528.txt", }, { name: 
"GLSA-200806-08", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200806-08.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=615606", }, { name: "31288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31288", }, { name: "30405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30405", }, { name: "29405", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29405", }, { name: "ADV-2008-1937", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1937/references", }, { name: "31228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31228", }, { name: "MDVSA-2008:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107", }, { name: "VU#661475", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/661475", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-0891", datePublished: "2008-05-29T16:00:00", dateReserved: "2008-02-21T00:00:00", dateUpdated: "2024-08-07T08:01:40.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.