CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Published: Sep 28, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4343
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
openssl / openssl	0.9.8b	0.9.8b.x
openssl / openssl	0.9.8c	0.9.8c.x
openssl / openssl	0.9.7c	0.9.7c.x
openssl / openssl	0.9.7j	0.9.7j.x
openssl / openssl	0.9.7k	0.9.7k.x
openssl / openssl	0.9.7g	0.9.7g.x
openssl / openssl	0.9.7d	0.9.7d.x
openssl / openssl	0.9.7	0.9.7.x
openssl / openssl	0.9.7e	0.9.7e.x
openssl / openssl	0.9.7b	0.9.7b.x
openssl / openssl	0.9.8a	0.9.8a.x
openssl / openssl	0.9.7i	0.9.7i.x
openssl / openssl	0.9.7h	0.9.7h.x
openssl / openssl	0.9.8	0.9.8.x
openssl / openssl	0.9.7a	0.9.7a.x
openssl / openssl	0.9.7f	0.9.7f.x
debian / debian_linux	3.1	3.1.x
canonical / ubuntu_linux	5.04	5.04.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	5.10	5.10.x

Vulnerability Database

289,599

CVE-2006-4343