CVE-2006-2940
Description
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
15.125
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2006-4343,CVE-2006-3738,CVE-2006-2940,CVE-2006-2937 are fixed in OpenSSL (x64) 0.9.7l | Windows |
| Vulnerabilities CVE-2006-4343,CVE-2006-3738,CVE-2006-2940,CVE-2006-2937 are fixed in OpenSSL (x64) 0.9.8d | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234