CVE-2006-2940
EPSS 2.9%openssl096
發布日:2006/9/28修改日:2026/4/28
也稱為:DEBIAN-CVE-2006-2940
描述
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
受影響套件(2)
- Debian/opensslfrom 0, < 0.9.8c-2
- Debian/openssl096from 0, < 0.9.6m-1sarge4