CVE-2006-2940 in OpenSSLinfo

Summary

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Reservation

06/09/2006

Disclosure

09/28/2006

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
2575	OpenSSL ASN.1 Public Key resource management	399	Proof-of-Concept	Official fix	CVE-2006-2940

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!