Vulnerability details: VCID-rbtq-713d-aaap
Vulnerability ID VCID-rbtq-713d-aaap
Aliases CVE-2006-4343
VC-OPENSSL-20060928-CVE-2006-4343
Summary A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
rhas Important https://access.redhat.com/errata/RHSA-2006:0695
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0264
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0525
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0629
epss 0.00936 https://api.first.org/data/v1/epss?cve=CVE-2006-4343
epss 0.25557 https://api.first.org/data/v1/epss?cve=CVE-2006-4343
epss 0.2688 https://api.first.org/data/v1/epss?cve=CVE-2006-4343
epss 0.27724 https://api.first.org/data/v1/epss?cve=CVE-2006-4343
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=430651
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2006-4343
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://docs.info.apple.com/article.html?artnum=304829
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://issues.rpath.com/browse/RPL-613
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.html#openssl2
http://openvpn.net/changelog.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4343.json
https://api.first.org/data/v1/epss?cve=CVE-2006-4343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://secunia.com/advisories/22094
http://secunia.com/advisories/22116
http://secunia.com/advisories/22130
http://secunia.com/advisories/22165
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22212
http://secunia.com/advisories/22216
http://secunia.com/advisories/22220
http://secunia.com/advisories/22240
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22298
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22487
http://secunia.com/advisories/22500
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22758
http://secunia.com/advisories/22772
http://secunia.com/advisories/22791
http://secunia.com/advisories/22799
http://secunia.com/advisories/23038
http://secunia.com/advisories/23155
http://secunia.com/advisories/23280
http://secunia.com/advisories/23309
http://secunia.com/advisories/23340
http://secunia.com/advisories/23680
http://secunia.com/advisories/23794
http://secunia.com/advisories/23915
http://secunia.com/advisories/24950
http://secunia.com/advisories/25420
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://secunia.com/advisories/30124
http://secunia.com/advisories/31492
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://securitytracker.com/id?1016943
http://securitytracker.com/id?1017522
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
https://www.exploit-db.com/exploits/4773
https://www.openssl.org/news/secadv/20060928.txt
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.debian.org/security/2006/dsa-1185
http://www.debian.org/security/2006/dsa-1195
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://www.ingate.com/relnote-452.php
http://www.kb.cert.org/vuls/id/386964
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.openssl.org/news/secadv_20060928.txt
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.osvdb.org/29263
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/20246
http://www.securityfocus.com/bid/22083
http://www.securityfocus.com/bid/28276
http://www.serv-u.com/releasenotes/
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-353-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/3936
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2006/4443
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1973
http://www.vupen.com/english/advisories/2007/2783
http://www.vupen.com/english/advisories/2008/0905/references
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
389940 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389940
430651 https://bugzilla.redhat.com/show_bug.cgi?id=430651
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
CVE-2006-4343 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4773.pl
CVE-2006-4343 https://nvd.nist.gov/vuln/detail/CVE-2006-4343
CVE-2006-4343;OSVDB-29263 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/28726.pl
CVE-2006-4343;OSVDB-29263 Exploit https://www.securityfocus.com/bid/20246/info
GLSA-200610-11 https://security.gentoo.org/glsa/200610-11
GLSA-200612-11 https://security.gentoo.org/glsa/200612-11
RHSA-2006:0695 https://access.redhat.com/errata/RHSA-2006:0695
RHSA-2008:0264 https://access.redhat.com/errata/RHSA-2008:0264
RHSA-2008:0525 https://access.redhat.com/errata/RHSA-2008:0525
RHSA-2008:0629 https://access.redhat.com/errata/RHSA-2008:0629
USN-353-1 https://usn.ubuntu.com/353-1/
Data source Exploit-DB
Date added Sept. 28, 2006
Description OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service
Ransomware campaign use Known
Source publication date Sept. 28, 2006
Exploit type dos
Platform multiple
Source update date Oct. 4, 2013
Source URL https://www.securityfocus.com/bid/20246/info
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-4343

Exploit Prediction Scoring System (EPSS)
Percentile 0.83488
EPSS Score 0.00936
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.