CVE-2006-4343
OpenSSL - NULL Pointer Dereference
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Exploits (2)
exploitdb · WORKING POC · VERIFIED · by Noam Rathaus · perl · dos · multiple
https://www.exploit-db.com/exploits/4773
exploitdb · WORKING POC · VERIFIED · by Noam Rathaus · perl · dos · multiple
https://www.exploit-db.com/exploits/28726
References (131)
... and 111 more
Scores
EPSS: 0.0693
EPSS Percentile: 91.4%
Details
CWE: CWE-476
Status: published
Products (20)
canonical/ubuntu_linux 5.04
canonical/ubuntu_linux 5.10
canonical/ubuntu_linux 6.06
debian/debian_linux 3.1
openssl/openssl 0.9.7
openssl/openssl 0.9.7a
openssl/openssl 0.9.7b
openssl/openssl 0.9.7c
openssl/openssl 0.9.7d
openssl/openssl 0.9.7e
... and 10 more
Published: Sep 28, 2006
Tracked Since: Feb 18, 2026