Description

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Remediation

References

CVE-2006-4343

Related Vulnerabilities

WordPress Plugin Media Library Assistant Multiple Vulnerabilities (2.65)

Internet Information Services Other Vulnerability (CVE-1999-0737)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7412)

CrushFTP Server Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2017-14037)

OpenSSL Other Vulnerability (CVE-2003-0544)

Severity

Medium

Classification

CVE-2006-4343 CWE-476

Tags

Missing Update Known Vulnerabilities