Is CVE-2006-2937 in the CISA KEV catalog?

No. CVE-2006-2937 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the CVSS severity of CVE-2006-2937?

CVE-2006-2937 has a CVSS v2 base score of 7.8 (HIGH).

What is the EPSS score for CVE-2006-2937?

CVE-2006-2937 has an EPSS score of 10.36% (95th percentile), estimating the probability of exploitation in the next 30 days.

CVE & CISA-KEV Catalog

CVE-2006-2937

HIGHEPSS 95th pctl

7.8

CVSS v2

NVD

Description

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

CWE-399

CVSS v2 Vector

No CVSS vector data available.

Exploit Intelligence

10.36%probability of exploitation in 30 days

95thpercentile

Very high risk: more likely to be exploited than 95% of all known CVEs.

References

http://docs.info.apple.com/article.html?artnum=304829
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
http://issues.rpath.com/browse/RPL-613
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://marc.info/?l=bind-announce&m=116253119512445&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.html#openssl2
http://openvpn.net/changelog.html
http://secunia.com/advisories/22094
http://secunia.com/advisories/22116
http://secunia.com/advisories/22130
http://secunia.com/advisories/22165
http://secunia.com/advisories/22166
http://secunia.com/advisories/22172
http://secunia.com/advisories/22186
http://secunia.com/advisories/22193
http://secunia.com/advisories/22207
http://secunia.com/advisories/22212
http://secunia.com/advisories/22216
http://secunia.com/advisories/22220
http://secunia.com/advisories/22240
http://secunia.com/advisories/22259
http://secunia.com/advisories/22260
http://secunia.com/advisories/22284
http://secunia.com/advisories/22298
http://secunia.com/advisories/22330
http://secunia.com/advisories/22385
http://secunia.com/advisories/22460
http://secunia.com/advisories/22487
http://secunia.com/advisories/22544
http://secunia.com/advisories/22626
http://secunia.com/advisories/22671
http://secunia.com/advisories/22758
http://secunia.com/advisories/22772
http://secunia.com/advisories/22799
http://secunia.com/advisories/23038
http://secunia.com/advisories/23131
http://secunia.com/advisories/23155
http://secunia.com/advisories/23280
http://secunia.com/advisories/23309
http://secunia.com/advisories/23340
http://secunia.com/advisories/23351
http://secunia.com/advisories/23680
http://secunia.com/advisories/23915
http://secunia.com/advisories/24930

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-23.