Vulnerability details: VCID-31sj-sdmb-aaaq
Vulnerability ID VCID-31sj-sdmb-aaaq
Aliases CVE-2006-2937
VC-OPENSSL-20060928-CVE-2006-2937
Summary During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
rhas Important https://access.redhat.com/errata/RHSA-2006:0695
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0264
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0525
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0629
epss 0.07492 https://api.first.org/data/v1/epss?cve=CVE-2006-2937
epss 0.07626 https://api.first.org/data/v1/epss?cve=CVE-2006-2937
epss 0.11293 https://api.first.org/data/v1/epss?cve=CVE-2006-2937
epss 0.14578 https://api.first.org/data/v1/epss?cve=CVE-2006-2937
epss 0.21499 https://api.first.org/data/v1/epss?cve=CVE-2006-2937
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=430655
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2006-2937
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://docs.info.apple.com/article.html?artnum=304829
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://issues.rpath.com/browse/RPL-613
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.html#openssl2
http://openvpn.net/changelog.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2937.json
https://api.first.org/data/v1/epss?cve=CVE-2006-2937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://secunia.com/advisories/22094
http://secunia.com/advisories/22116
http://secunia.com/advisories/22130
http://secunia.com/advisories/22165
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22212
http://secunia.com/advisories/22216
http://secunia.com/advisories/22220
http://secunia.com/advisories/22240
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22298
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22487
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22772
http://secunia.com/advisories/22799
http://secunia.com/advisories/23038
http://secunia.com/advisories/23131
http://secunia.com/advisories/23155
http://secunia.com/advisories/23280
http://secunia.com/advisories/23309
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://secunia.com/advisories/23680
http://secunia.com/advisories/23915
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://secunia.com/advisories/30124
http://secunia.com/advisories/31492
http://secunia.com/advisories/31531
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
https://www.openssl.org/news/secadv/20060928.txt
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.debian.org/security/2006/dsa-1185
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.kb.cert.org/vuls/id/247744
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.openssl.org/news/secadv_20060928.txt
http://www.osvdb.org/29260
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/20248
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-353-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4761
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2008/2396
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
389940 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389940
430655 https://bugzilla.redhat.com/show_bug.cgi?id=430655
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
CVE-2006-2937 https://nvd.nist.gov/vuln/detail/CVE-2006-2937
GLSA-200610-11 https://security.gentoo.org/glsa/200610-11
GLSA-200612-11 https://security.gentoo.org/glsa/200612-11
RHSA-2006:0695 https://access.redhat.com/errata/RHSA-2006:0695
RHSA-2008:0264 https://access.redhat.com/errata/RHSA-2008:0264
RHSA-2008:0525 https://access.redhat.com/errata/RHSA-2008:0525
RHSA-2008:0629 https://access.redhat.com/errata/RHSA-2008:0629
USN-353-1 https://usn.ubuntu.com/353-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-2937

Exploit Prediction Scoring System (EPSS)
Percentile 0.90955
EPSS Score 0.07492
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.