CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 2CVE-2006-4343 – OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service
https://notcve.org/view.php?id=CVE-2006-4343
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. La función get_server_hello código del cliente SSLv2 en OpenSSL 0.9.7 anterior a 0.9.7l, 0.9.8 anterior a 0.9.8d, y versiones anteriores permite a servidores remotos provocar una denegación de servicio (caída del cliente) mediante vectores desconocidos que disparan un referencia a un puntero nulo. • https://www.exploit-db.com/exploits/28726 https://www.exploit-db.com/exploits/4773 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=304829 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://issues.rpath.com/browse/RPL-613 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 http://itr • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 9%CPEs: 45EXPL: 0CVE-2006-4339 – openssl signature forgery
https://notcve.org/view.php?id=CVE-2006-4339
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. OpenSSL en versiones anteriores a 0.9.7, 0.9.7 en versiones anteriores a 0.9.7k y 0.9.8 en versiones anteriores a 0.9.8c, cuando usa una clave RSA con exponente 3, elimina relleno PKCS-1 antes de generar un hash, lo que permite a atacantes remotos falsificar una firma PKCS #1 v1.5 que está firmada por dicha clave RSA e impide a OpenSSL verificar correctamente los certificados X.509 y otros que utilizan PKCS #1. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://dev2dev.bea.com/pub/advisory/238 http://docs.info.apple.com/article.html?artnum=304829 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://itrc.hp.com/service/cki/docDisplay.do? • CWE-310: Cryptographic Issues •