Unrated severityNVD Advisory· Published Sep 28, 2006· Updated Jun 16, 2026
CVE-2006-2940
CVE-2006-2940
Description
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
50cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*+ 47 more
- cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- (no CPE)range: <0.9.7l, <0.9.8d
- osv-coords2 versionspkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed
< 1.0.2u-6.2+ 1 more
- (no CPE)range: < 1.0.2u-6.2
- (no CPE)range: < 1.1.1l-1.2
Patches
Vulnerability mechanics
References
142- secunia.com/advisories/22094nvdVendor Advisory
- secunia.com/advisories/22116nvdVendor Advisory
- secunia.com/advisories/22130nvdVendor Advisory
- secunia.com/advisories/22165nvdVendor Advisory
- secunia.com/advisories/22166nvdVendor Advisory
- secunia.com/advisories/22172nvdVendor Advisory
- secunia.com/advisories/22186nvdVendor Advisory
- secunia.com/advisories/22193nvdVendor Advisory
- secunia.com/advisories/22207nvdVendor Advisory
- secunia.com/advisories/22212nvdVendor Advisory
- secunia.com/advisories/22216nvdVendor Advisory
- secunia.com/advisories/22220nvdVendor Advisory
- secunia.com/advisories/22240nvdVendor Advisory
- secunia.com/advisories/22259nvdVendor Advisory
- secunia.com/advisories/22260nvdVendor Advisory
- secunia.com/advisories/22284nvdVendor Advisory
- secunia.com/advisories/22330nvdVendor Advisory
- secunia.com/advisories/22385nvdVendor Advisory
- secunia.com/advisories/22460nvdVendor Advisory
- secunia.com/advisories/22500nvdVendor Advisory
- secunia.com/advisories/22544nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2006-0695.htmlnvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA06-333A.htmlnvdUS Government Resource
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascnvd
- patches.sgi.com/support/free/security/advisories/20061001-01-P.ascnvd
- docs.info.apple.com/article.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- issues.rpath.com/browse/RPL-613nvd
- itrc.hp.com/service/cki/docDisplay.donvd
- itrc.hp.com/service/cki/docDisplay.donvd
- kolab.org/security/kolab-vendor-notice-11.txtnvd
- lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlnvd
- lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlnvd
- lists.vmware.com/pipermail/security-announce/2008/000008.htmlnvd
- marc.infonvd
- marc.infonvd
- openbsd.org/errata.htmlnvd
- openvpn.net/changelog.htmlnvd
- secunia.com/advisories/22298nvd
- secunia.com/advisories/22487nvd
- secunia.com/advisories/22626nvd
- secunia.com/advisories/22671nvd
- secunia.com/advisories/22758nvd
- secunia.com/advisories/22772nvd
- secunia.com/advisories/22799nvd
- secunia.com/advisories/23038nvd
- secunia.com/advisories/23155nvd
- secunia.com/advisories/23280nvd
- secunia.com/advisories/23309nvd
- secunia.com/advisories/23340nvd
- secunia.com/advisories/23351nvd
- secunia.com/advisories/23680nvd
- secunia.com/advisories/23794nvd
- secunia.com/advisories/23915nvd
- secunia.com/advisories/24930nvd
- secunia.com/advisories/24950nvd
- secunia.com/advisories/25889nvd
- secunia.com/advisories/26329nvd
- secunia.com/advisories/26893nvd
- secunia.com/advisories/30124nvd
- secunia.com/advisories/31492nvd
- secunia.com/advisories/31531nvd
- security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.ascnvd
- security.gentoo.org/glsa/glsa-200610-11.xmlnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- slackware.com/security/viewer.phpnvd
- sourceforge.net/project/shownotes.phpnvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.attachmate.com/techdocs/2374.htmlnvd
- support.avaya.com/elmodocs2/security/ASA-2006-220.htmnvd
- support.avaya.com/elmodocs2/security/ASA-2006-260.htmnvd
- www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdfnvd
- www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdfnvd
- www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.htmlnvd
- www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtmlnvd
- www.debian.org/security/2006/dsa-1185nvd
- www.debian.org/security/2006/dsa-1195nvd
- www.gentoo.org/security/en/glsa/glsa-200612-11.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_24_sr.htmlnvd
- www.novell.com/linux/security/advisories/2006_58_openssl.htmlnvd
- www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.htmlnvd
- www.openssl.org/news/secadv_20060928.txtnvd
- www.oracle.com/technetwork/topics/security/cpujan2007-101493.htmlnvd
- www.osvdb.org/29261nvd
- www.redhat.com/support/errata/RHSA-2008-0629.htmlnvd
- www.securityfocus.com/archive/1/447318/100/0/threadednvd
- www.securityfocus.com/archive/1/447393/100/0/threadednvd
- www.securityfocus.com/archive/1/456546/100/200/threadednvd
- www.securityfocus.com/archive/1/489739/100/0/threadednvd
- www.securityfocus.com/bid/20247nvd
- www.securityfocus.com/bid/22083nvd
- www.securityfocus.com/bid/28276nvd
- www.serv-u.com/releasenotes/nvd
- www.trustix.org/errata/2006/0054nvd
- www.ubuntu.com/usn/usn-353-1nvd
- www.ubuntu.com/usn/usn-353-2nvd
- www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdfnvd
- www.vmware.com/security/advisories/VMSA-2008-0005.htmlnvd
- www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlnvd
- www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlnvd
- www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlnvd
- www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlnvd
- www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlnvd
- www.vmware.com/support/player/doc/releasenotes_player.htmlnvd
- www.vmware.com/support/player2/doc/releasenotes_player2.htmlnvd
- www.vmware.com/support/server/doc/releasenotes_server.htmlnvd
- www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlnvd
- www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlnvd
- www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlnvd
- www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlnvd
- www.vupen.com/english/advisories/2006/3820nvd
- www.vupen.com/english/advisories/2006/3860nvd
- www.vupen.com/english/advisories/2006/3869nvd
- www.vupen.com/english/advisories/2006/3902nvd
- www.vupen.com/english/advisories/2006/3936nvd
- www.vupen.com/english/advisories/2006/4019nvd
- www.vupen.com/english/advisories/2006/4036nvd
- www.vupen.com/english/advisories/2006/4264nvd
- www.vupen.com/english/advisories/2006/4327nvd
- www.vupen.com/english/advisories/2006/4329nvd
- www.vupen.com/english/advisories/2006/4401nvd
- www.vupen.com/english/advisories/2006/4417nvd
- www.vupen.com/english/advisories/2006/4750nvd
- www.vupen.com/english/advisories/2006/4980nvd
- www.vupen.com/english/advisories/2007/0343nvd
- www.vupen.com/english/advisories/2007/1401nvd
- www.vupen.com/english/advisories/2007/2315nvd
- www.vupen.com/english/advisories/2007/2783nvd
- www.vupen.com/english/advisories/2008/0905/referencesnvd
- www.vupen.com/english/advisories/2008/2396nvd
- www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdfnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29230nvd
- issues.rpath.com/browse/RPL-1633nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311nvd
- www2.itrc.hp.com/service/cki/docDisplay.donvd
News mentions
0No linked articles in our index yet.