CVE-2006-4343 · threatengine.sh

Home/CVE/The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier

CVE

CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

MEDIUM · CVSS 4.3 EPSS 0.06929

Schedule remediation

EPSS percentile: top 8% of all CVEs by exploitation likelihood
Public exploit or PoC is available

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

3

opensslall versions
debian linuxall versions
canonical ubuntu linuxall versions

⚠

Public Exploits & PoCs

2

dosOpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crashverified

dosOpenSSL SSLv2 - Null Pointer Dereference Client Denial of Serviceverified

▣

Scoring & Timeline

4.3

MEDIUM · CVSS v2 (legacy) · secalert@redhat.com

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Published to NVD28 Sep 2006 · 06:07 PM

⚑

Vendor Advisories

8

suse-csafopenSUSE-SU-2024:11125-1
suse-csafopenSUSE-SU-2024:11126-1
suse-csafopenSUSE-SU-2024:11127-1
rhsaRHSA-2008:0264Moderate
rhsaRHSA-2008:0629Moderate
Show all 8 vendor advisoriesrhsaRHSA-2008:0525Moderate
usnUSN-353-1
rhsaRHSA-2006:0695Low

🔗

References & Sources

80

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascThird Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascThird Party Advisory

http://docs.info.apple.com/article.html?artnum=304829Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771Broken Link

http://issues.rpath.com/browse/RPL-613Broken Link

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100Broken Link

Show all 80 references

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540Broken Link

http://kolab.org/security/kolab-vendor-notice-11.txtBroken Link

http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlMailing ListThird Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlMailing ListThird Party Advisory

http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=130497311408250&w=2Mailing ListThird Party Advisory

http://openbsd.org/errata.html#openssl2Third Party Advisory

http://openvpn.net/changelog.htmlThird Party Advisory

http://secunia.com/advisories/22094Third Party Advisory

http://secunia.com/advisories/22116Third Party Advisory

http://secunia.com/advisories/22130Third Party Advisory

http://secunia.com/advisories/22165Third Party Advisory

http://secunia.com/advisories/22166Third Party Advisory

http://secunia.com/advisories/22172Third Party Advisory

http://secunia.com/advisories/22186Third Party Advisory

http://secunia.com/advisories/22193Third Party Advisory

http://secunia.com/advisories/22207Third Party Advisory

http://secunia.com/advisories/22212Third Party Advisory

http://secunia.com/advisories/22216Third Party Advisory

http://secunia.com/advisories/22220Third Party Advisory

http://secunia.com/advisories/22240Third Party Advisory

http://secunia.com/advisories/22259Third Party Advisory

http://secunia.com/advisories/22260Third Party Advisory

http://secunia.com/advisories/22284Third Party Advisory

http://secunia.com/advisories/22298Third Party Advisory

http://secunia.com/advisories/22330Third Party Advisory

http://secunia.com/advisories/22385Third Party Advisory

http://secunia.com/advisories/22460Third Party Advisory

http://secunia.com/advisories/22487Third Party Advisory

http://secunia.com/advisories/22500Third Party Advisory

http://secunia.com/advisories/22544Third Party Advisory

http://secunia.com/advisories/22626Third Party Advisory

http://secunia.com/advisories/22758Third Party Advisory

http://secunia.com/advisories/22772Third Party Advisory

http://secunia.com/advisories/22791Third Party Advisory

http://secunia.com/advisories/22799Third Party Advisory

http://secunia.com/advisories/23038Third Party Advisory

http://secunia.com/advisories/23155Third Party Advisory

http://secunia.com/advisories/23280Third Party Advisory

http://secunia.com/advisories/23309Third Party Advisory

http://secunia.com/advisories/23340Third Party Advisory

http://secunia.com/advisories/23680Third Party Advisory

http://secunia.com/advisories/23794Third Party Advisory

http://secunia.com/advisories/23915Third Party Advisory

http://secunia.com/advisories/24950Third Party Advisory

http://secunia.com/advisories/25420Third Party Advisory

http://secunia.com/advisories/25889Third Party Advisory

http://secunia.com/advisories/26329Third Party Advisory

http://secunia.com/advisories/30124Third Party Advisory

http://secunia.com/advisories/31492Third Party Advisory

http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascThird Party Advisory

http://security.gentoo.org/glsa/glsa-200610-11.xmlThird Party Advisory

http://securitytracker.com/id?1016943Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1017522Third Party AdvisoryVDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946Mailing ListThird Party Advisory

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2006-220.htmThird Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmThird Party Advisory

http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlThird Party Advisory

http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlThird Party Advisory

http://www.debian.org/security/2006/dsa-1185Third Party Advisory

http://www.debian.org/security/2006/dsa-1195Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200612-11.xmlThird Party Advisory

http://www.ingate.com/relnote-452.phpBroken Link

http://www.kb.cert.org/vuls/id/386964PatchThird Party AdvisoryUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:172Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:177Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:178Broken Link

http://www.novell.com/linux/security/advisories/2006_24_sr.htmlBroken Link

http://www.novell.com/linux/security/advisories/2006_58_openssl.htmlBroken Link

http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlThird Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin