CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.7 (including)	0.9.7 (including)
Openssl	Openssl	0.9.7a (including)	0.9.7a (including)
Openssl	Openssl	0.9.7b (including)	0.9.7b (including)
Openssl	Openssl	0.9.7c (including)	0.9.7c (including)
Openssl	Openssl	0.9.7d (including)	0.9.7d (including)
Openssl	Openssl	0.9.7e (including)	0.9.7e (including)
Openssl	Openssl	0.9.7f (including)	0.9.7f (including)
Openssl	Openssl	0.9.7g (including)	0.9.7g (including)
Openssl	Openssl	0.9.7h (including)	0.9.7h (including)
Openssl	Openssl	0.9.7i (including)	0.9.7i (including)
Openssl	Openssl	0.9.7j (including)	0.9.7j (including)
Openssl	Openssl	0.9.7k (including)	0.9.7k (including)
Openssl	Openssl	0.9.8 (including)	0.9.8 (including)
Openssl	Openssl	0.9.8a (including)	0.9.8a (including)
Openssl	Openssl	0.9.8b (including)	0.9.8b (including)
Openssl	Openssl	0.9.8c (including)	0.9.8c (including)
Red Hat Enterprise Linux 2.1	RedHat	openssl-0:0.9.6b-46	*
Red Hat Enterprise Linux 2.1	RedHat	openssl095a-0:0.9.5a-32	*
Red Hat Enterprise Linux 2.1	RedHat	openssl096-0:0.9.6-32	*
Red Hat Enterprise Linux 3	RedHat	openssl-0:0.9.7a-33.21	*
Red Hat Enterprise Linux 3	RedHat	openssl096b-0:0.9.6b-16.46	*
Red Hat Enterprise Linux 4	RedHat	openssl-0:0.9.7a-43.14	*
Red Hat Enterprise Linux 4	RedHat	openssl096b-0:0.9.6b-22.46	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn-solaris-bootstrap-0:5.0.2-3	*
Red Hat Network Satellite Server v 4.2	RedHat	rhn_solaris_bootstrap_5_0_2_3-0:1-0	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn-solaris-bootstrap-0:5.0.2-3	*
Red Hat Network Satellite Server v 4.2 (RHEL3)	RedHat	rhn_solaris_bootstrap_5_0_2_3-0:1-0	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn-solaris-bootstrap-0:5.0.2-3	*
Red Hat Network Satellite Server v 5.0	RedHat	rhn_solaris_bootstrap_5_0_2_3-0:1-0	*
Red Hat Network Satellite Server v 5.1	RedHat	rhn-solaris-bootstrap-0:5.1.1-3	*
Red Hat Network Satellite Server v 5.1	RedHat	rhn_solaris_bootstrap_5_1_1_3-0:1-0	*
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	edgy	*
Openssl	Ubuntu	feisty	*
Openssl097	Ubuntu	dapper	*
Openssl097	Ubuntu	devel	*
Openssl097	Ubuntu	edgy	*
Openssl097	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4343
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References