CVE-2006-4339

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.5a	0.9.5a
Openssl	Openssl	0.9.8b	0.9.8b
Openssl	Openssl	0.9.6i	0.9.6i
Openssl	Openssl	0.9.3	0.9.3
Openssl	Openssl	0.9.7c	0.9.7c
Openssl	Openssl	0.9.5	0.9.5
Openssl	Openssl	0.9.6d	0.9.6d
Openssl	Openssl	0.9.1c	0.9.1c
Openssl	Openssl	0.9.6	0.9.6
Openssl	Openssl	0.9.7j	0.9.7j
Openssl	Openssl	0.9.6a	0.9.6a
Openssl	Openssl	*	0.9.7
Openssl	Openssl	0.9.4	0.9.4
Openssl	Openssl	0.9.6a	0.9.6a
Openssl	Openssl	0.9.5a	0.9.5a
Openssl	Openssl	0.9.6f	0.9.6f
Openssl	Openssl	0.9.6	0.9.6
Openssl	Openssl	0.9.6l	0.9.6l
Openssl	Openssl	0.9.7g	0.9.7g
Openssl	Openssl	0.9.6e	0.9.6e
Openssl	Openssl	0.9.7d	0.9.7d
Openssl	Openssl	0.9.6b	0.9.6b
Openssl	Openssl	0.9.7e	0.9.7e
Openssl	Openssl	0.9.7b	0.9.7b
Openssl	Openssl	0.9.6a	0.9.6a
Openssl	Openssl	0.9.6k	0.9.6k
Openssl	Openssl	0.9.8a	0.9.8a
Openssl	Openssl	0.9.6g	0.9.6g
Openssl	Openssl	0.9.6	0.9.6
Openssl	Openssl	0.9.3a	0.9.3a
Openssl	Openssl	0.9.6h	0.9.6h
Openssl	Openssl	0.9.7i	0.9.7i
Openssl	Openssl	0.9.7h	0.9.7h
Openssl	Openssl	0.9.6j	0.9.6j
Openssl	Openssl	0.9.8	0.9.8
Openssl	Openssl	0.9.7a	0.9.7a
Openssl	Openssl	0.9.6c	0.9.6c
Openssl	Openssl	0.9.6	0.9.6
Openssl	Openssl	0.9.6m	0.9.6m
Openssl	Openssl	0.9.5	0.9.5
Openssl	Openssl	0.9.2b	0.9.2b
Openssl	Openssl	0.9.5	0.9.5
Openssl	Openssl	0.9.5a	0.9.5a
Openssl	Openssl	0.9.6a	0.9.6a
Openssl	Openssl	0.9.7f	0.9.7f

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4339
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References