cve/CVE-2006-2940.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

POC

Reference

http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
http://www.ubuntu.com/usn/usn-353-1
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib

1.3 KiB Raw Blame History

CVE-2006-2940

Description

POC

Reference

Github

1.3 KiB

Raw Blame History