The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Published: 2006-09-28T18:07:00.000
Last modified: 2025-04-09T00:30:58.490
Status: Deferred
CVSSv2: 4.3 (MEDIUM)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability score: 8.6
Impact score: 2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | openssl | openssl | 0.9.7 | Yes |
Application | openssl | openssl | 0.9.7a | Yes |
Application | openssl | openssl | 0.9.7b | Yes |
Application | openssl | openssl | 0.9.7c | Yes |
Application | openssl | openssl | 0.9.7d | Yes |
Application | openssl | openssl | 0.9.7e | Yes |
Application | openssl | openssl | 0.9.7f | Yes |
Application | openssl | openssl | 0.9.7g | Yes |
Application | openssl | openssl | 0.9.7h | Yes |
Application | openssl | openssl | 0.9.7i | Yes |
Application | openssl | openssl | 0.9.7j | Yes |
Application | openssl | openssl | 0.9.7k | Yes |
Application | openssl | openssl | 0.9.8 | Yes |
Application | openssl | openssl | 0.9.8a | Yes |
Application | openssl | openssl | 0.9.8b | Yes |
Application | openssl | openssl | 0.9.8c | Yes |
Operating System | debian | debian_linux | 3.1 | Yes |
Operating System | canonical | ubuntu_linux | 5.04 | Yes |
Operating System | canonical | ubuntu_linux | 5.10 | Yes |
Operating System | canonical | ubuntu_linux | 6.06 | Yes |