CVE-2006-2940

HIGH

secalert@redhat.com

Details

CVSS v2: 7.8
NVD published: 2006-09-28 18:07:00
Affected versions: cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
Summary: OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.