CVE-2006-4343

OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service

  • Severity Score: 7.5 (CVSS v3)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-08-24 CVE Reserved
  • 2006-09-28 CVE Published
  • 2006-09-28 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (118)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=304829 Third Party Advisory
http://issues.rpath.com/browse/RPL-613 Broken Link
http://kolab.org/security/kolab-vendor-notice-11.txt Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html Mailing List
http://lists.vmware.com/pipermail/security-announce/2008/000008.html Mailing List
http://openvpn.net/changelog.html Third Party Advisory
http://secunia.com/advisories/22094 Third Party Advisory
http://secunia.com/advisories/22116 Third Party Advisory
http://secunia.com/advisories/22130 Third Party Advisory
http://secunia.com/advisories/22165 Third Party Advisory
http://secunia.com/advisories/22166 Third Party Advisory
http://secunia.com/advisories/22172 Third Party Advisory
http://secunia.com/advisories/22186 Third Party Advisory
http://secunia.com/advisories/22193 Third Party Advisory
http://secunia.com/advisories/22207 Third Party Advisory
http://secunia.com/advisories/22212 Third Party Advisory
http://secunia.com/advisories/22216 Third Party Advisory
http://secunia.com/advisories/22220 Third Party Advisory
http://secunia.com/advisories/22240 Third Party Advisory
http://secunia.com/advisories/22259 Third Party Advisory
http://secunia.com/advisories/22260 Third Party Advisory
http://secunia.com/advisories/22284 Third Party Advisory
http://secunia.com/advisories/22298 Third Party Advisory
http://secunia.com/advisories/22330 Third Party Advisory
http://secunia.com/advisories/22385 Third Party Advisory
http://secunia.com/advisories/22460 Third Party Advisory
http://secunia.com/advisories/22487 Third Party Advisory
http://secunia.com/advisories/22500 Third Party Advisory
http://secunia.com/advisories/22544 Third Party Advisory
http://secunia.com/advisories/22626 Third Party Advisory
http://secunia.com/advisories/22758 Third Party Advisory
http://secunia.com/advisories/22772 Third Party Advisory
http://secunia.com/advisories/22791 Third Party Advisory
http://secunia.com/advisories/22799 Third Party Advisory
http://secunia.com/advisories/23038 Third Party Advisory
http://secunia.com/advisories/23155 Third Party Advisory
http://secunia.com/advisories/23280 Third Party Advisory
http://secunia.com/advisories/23309 Third Party Advisory
http://secunia.com/advisories/23340 Third Party Advisory
http://secunia.com/advisories/23680 Third Party Advisory
http://secunia.com/advisories/23794 Third Party Advisory
http://secunia.com/advisories/23915 Third Party Advisory
http://secunia.com/advisories/24950 Third Party Advisory
http://secunia.com/advisories/25420 Third Party Advisory
http://secunia.com/advisories/25889 Third Party Advisory
http://secunia.com/advisories/26329 Third Party Advisory
http://secunia.com/advisories/30124 Third Party Advisory
http://secunia.com/advisories/31492 Third Party Advisory
http://securitytracker.com/id?1016943 Third Party Advisory
http://securitytracker.com/id?1017522 Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm Third Party Advisory
http://www.ingate.com/relnote-452.php Broken Link
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html Third Party Advisory
http://www.osvdb.org/29263 Broken Link
http://www.securityfocus.com/archive/1/447318/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/447393/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/456546/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/489739/100/0/threaded Mailing List
http://www.securityfocus.com/bid/22083 Third Party Advisory
http://www.securityfocus.com/bid/28276 Third Party Advisory
http://www.serv-u.com/releasenotes Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-333A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0005.html Third Party Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Third Party Advisory
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html Third Party Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html Third Party Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html Third Party Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Third Party Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Third Party Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Third Party Advisory
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356 Signature
URL Date SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc 2018-10-17
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 2018-10-17
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 2018-10-17
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 2018-10-17
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 2018-10-17
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html 2018-10-17
http://marc.info/?l=bugtraq&m=130497311408250&w=2 2018-10-17
http://openbsd.org/errata.html#openssl2 2018-10-17
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc 2018-10-17
http://security.gentoo.org/glsa/glsa-200610-11.xml 2018-10-17
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1 2018-10-17
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html 2018-10-17
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml 2018-10-17
http://www.debian.org/security/2006/dsa-1185 2018-10-17
http://www.debian.org/security/2006/dsa-1195 2018-10-17
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 2018-10-17
http://www.novell.com/linux/security/advisories/2006_24_sr.html 2018-10-17
http://www.novell.com/linux/security/advisories/2006_58_openssl.html 2018-10-17
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0695.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2008-0629.html 2018-10-17
http://www.trustix.org/errata/2006/0054 2018-10-17
http://www.ubuntu.com/usn/usn-353-1 2018-10-17
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-4343 2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=430651 2008-08-13
Affected Vendors, Products, and Versions
Vendor     Product       Version  Other  Status
Openssl    Openssl       0.9.7    -      Affected
Openssl    Openssl       0.9.7a   -      Affected
Openssl    Openssl       0.9.7b   -      Affected
Openssl    Openssl       0.9.7c   -      Affected
Openssl    Openssl       0.9.7d   -      Affected
Openssl    Openssl       0.9.7e   -      Affected
Openssl    Openssl       0.9.7f   -      Affected
Openssl    Openssl       0.9.7g   -      Affected
Openssl    Openssl       0.9.7h   -      Affected
Openssl    Openssl       0.9.7i   -      Affected
Openssl    Openssl       0.9.7j   -      Affected
Openssl    Openssl       0.9.7k   -      Affected
Openssl    Openssl       0.9.8    -      Affected
Openssl    Openssl       0.9.8a   -      Affected
Openssl    Openssl       0.9.8b   -      Affected
Openssl    Openssl       0.9.8c   -      Affected
Debian     Debian Linux  3.1      -      Affected
Canonical  Ubuntu Linux  5.04     -      Affected
Canonical  Ubuntu Linux  5.10     -      Affected
Canonical  Ubuntu Linux  6.06     lts    Affected