CVE-2006-4343

Name	CVE-2006-4343
Description	The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1185-2, DSA-1195-1
Debian Bugs	389940

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssl (PTS)	bullseye	1.1.1w-0+deb11u1	fixed
	bullseye (security)	1.1.1w-0+deb11u2	fixed
	bookworm	3.0.15-1~deb12u1	fixed
	bookworm (security)	3.0.14-1~deb12u2	fixed
	sid, trixie	3.3.2-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openssl	source	sarge	0.9.7e-3sarge4		DSA-1185-2
openssl	source	(unstable)	0.9.8c-2			389940
openssl096	source	sarge	0.9.6m-1sarge4		DSA-1195-1
openssl096	source	(unstable)	(unfixed)
openssl097	source	(unstable)	0.9.7k-2