PT-2010-1087 · Openssl+1 · Openssl+1
Published 2010-03-26 · Updated 2024-06-15
CVE-2010-0740
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.8f through 0.9.8m
Description
The issue allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. This can be exploited to disrupt the confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.
Recommendations
For OpenSSL versions 0.9.8f through 0.9.8m, consider updating to a version newer than 0.9.8m to resolve the issue. As a temporary workaround, consider restricting access to TLS connections to minimize the risk of exploitation. Avoid using the `ssl3_get_record` function in the affected OpenSSL versions until a patch is available.
Exploit
Fix
DoS
RCE
Related identifiers
Affected products
HP-UX
OpenSSL