CVE-2006-2937 | Vulnerability Database | Aqua Security

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8b	0.9.8b
Openssl	Openssl	0.9.8c	0.9.8c
Openssl	Openssl	0.9.7c	0.9.7c
Openssl	Openssl	0.9.7j	0.9.7j
Openssl	Openssl	0.9.7k	0.9.7k
Openssl	Openssl	0.9.7g	0.9.7g
Openssl	Openssl	0.9.7d	0.9.7d
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7e	0.9.7e
Openssl	Openssl	0.9.7b	0.9.7b
Openssl	Openssl	0.9.8a	0.9.8a
Openssl	Openssl	0.9.7i	0.9.7i
Openssl	Openssl	0.9.7h	0.9.7h
Openssl	Openssl	0.9.8	0.9.8
Openssl	Openssl	0.9.7a	0.9.7a
Openssl	Openssl	0.9.7f	0.9.7f

References

http://www.openssl.org/news/secadv_20060928.txt
http://www.kb.cert.org/vuls/id/247744
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://www.debian.org/security/2006/dsa-1185
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
http://www.redhat.com/support/errata/RHSA-2006-0695.html
http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946
http://www.ubuntu.com/usn/usn-353-1
http://www.securityfocus.com/bid/20248
http://secunia.com/advisories/22130
http://secunia.com/advisories/22094
http://secunia.com/advisories/22165
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://kolab.org/security/kolab-vendor-notice-11.txt
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
http://www.trustix.org/errata/2006/0054
http://securitytracker.com/id?1016943
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22212
http://secunia.com/advisories/22240
http://secunia.com/advisories/22216
http://secunia.com/advisories/22116
http://secunia.com/advisories/22220
http://openvpn.net/changelog.html
http://www.serv-u.com/releasenotes/
http://openbsd.org/errata.html#openssl2
http://secunia.com/advisories/22284
http://secunia.com/advisories/22330
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.osvdb.org/29260
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://security.gentoo.org/glsa/glsa-200610-11.xml
http://secunia.com/advisories/22544
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22626
http://secunia.com/advisories/22487
http://secunia.com/advisories/22671
http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
http://secunia.com/advisories/22758
http://secunia.com/advisories/22799
http://secunia.com/advisories/22772
http://secunia.com/advisories/23038
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://secunia.com/advisories/23155
http://www.f-secure.com/security/fsc-2006-6.shtml
http://secunia.com/advisories/23131
http://secunia.com/advisories/22298
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
http://secunia.com/advisories/23309
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://secunia.com/advisories/23680
http://secunia.com/advisories/23915
http://secunia.com/advisories/24950
http://secunia.com/advisories/24930
http://issues.rpath.com/browse/RPL-613
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
http://secunia.com/advisories/25889
http://secunia.com/advisories/26329
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.securityfocus.com/bid/28276
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://secunia.com/advisories/30124
http://secunia.com/advisories/31531
http://support.attachmate.com/techdocs/2374.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/31492
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2006/3860
http://www.vupen.com/english/advisories/2006/4019
http://www.vupen.com/english/advisories/2006/4264
http://www.vupen.com/english/advisories/2006/4417
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2006/3936
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
http://www.vupen.com/english/advisories/2006/3902
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4761
http://www.vupen.com/english/advisories/2006/4327
http://www.vupen.com/english/advisories/2006/3820
http://www.vupen.com/english/advisories/2006/4980
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2006/3869
http://www.vupen.com/english/advisories/2008/0905/references
http://www.vupen.com/english/advisories/2006/4036
http://www.vupen.com/english/advisories/2008/2396
http://www.vupen.com/english/advisories/2007/2783
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/447318/100/0/threaded

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2937
CWE	https://cwe.mitre.org/data/definitions/399.html