PT-2014-1876 · Openssl+10
Tedu · Published 2014-04-14 · Updated 2024-06-15 · CVE-2010-5298
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.1g and earlier
OpenSSL versions prior to 1.0.1h
Description
A race condition in the ssl3_read_bytes function in s3_pkt.c allows remote attackers to inject data across sessions or cause a denial of service via an SSL connection in a multithreaded environment when SSL_MODE_RELEASE_BUFFERS is enabled. This issue can lead to a use-after-free and a parsing error. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For OpenSSL versions 1.0.1g and earlier, update to version 1.0.1h or later to resolve the issue.
For OpenSSL versions prior to 1.0.1h, update to version 1.0.1h or later to resolve the issue.
As a temporary workaround, consider disabling SSL_MODE_RELEASE_BUFFERS until a patch is available.
Exploit
Fix
DoS
Race Condition
NULL Pointer Dereference
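The recommendations above boil down to one check: is the OpenSSL build earlier than 1.0.1h? The following script, added here as an example and not part of the advisory, parses `openssl version` banners into comparable tuples and flags builds inside the affected range. The mapping of patch letters to numbers (a=1 ... z=26, summed for the 0.9.8 "za"-style suffixes) follows OpenSSL's own OPENSSL_VERSION_NUMBER ordering; the inventory and hostnames are constructed sample data, and the advisory's range ("prior to 1.0.1h") is applied literally.

```python
import re
import ssl

# Version named in the advisory as the fix for CVE-2010-5298.
FIXED_VERSION = "1.0.1h"

# Matches the numeric part of an OpenSSL version string plus optional
# patch letters, e.g. "1.0.1g", "1.0.2k-fips" (the "-fips" tail is
# ignored) or "3.0.2" (no letters).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Turn an 'openssl version' line such as 'OpenSSL 1.0.1g 7 Apr 2014'
    into a comparable tuple (major, minor, fix, patch).

    Patch letters are numbered a=1 ... z=26 and summed, so 'h' -> 8 and a
    0.9.8-style 'za' -> 27, which matches the ordering OpenSSL uses in
    OPENSSL_VERSION_NUMBER. No letter (e.g. '1.0.1') maps to 0.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = match.groups()
    patch = sum(ord(ch) - ord("a") + 1 for ch in letters)
    return (int(major), int(minor), int(fix), patch)


def is_affected(version_text):
    """True if the version is earlier than 1.0.1h, the range the advisory
    gives for CVE-2010-5298."""
    return parse_openssl_version(version_text) < parse_openssl_version(FIXED_VERSION)


def hosts_needing_update(inventory):
    """Given (hostname, 'openssl version' output) pairs, return the hosts
    whose OpenSSL falls inside the affected range, in input order."""
    return [host for host, banner in inventory if is_affected(banner)]


def local_python_openssl():
    """Report the OpenSSL the running Python interpreter is linked against
    and whether it falls inside the advisory's affected range."""
    banner = ssl.OPENSSL_VERSION
    return banner, is_affected(banner)


# Constructed sample inventory (hostnames and banners are made up),
# mixing the banner formats seen in practice.
SAMPLE_INVENTORY = [
    ("web-01", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("web-02", "OpenSSL 1.0.1h 5 Jun 2014"),
    ("db-01", "OpenSSL 1.0.1 14 Mar 2012"),
    ("app-01", "OpenSSL 1.0.2k-fips 26 Jan 2017"),
    ("bastion", "OpenSSL 3.0.2 15 Mar 2022"),
]

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update OpenSSL to {FIXED_VERSION} or later")
    banner, affected = local_python_openssl()
    print(f"this interpreter: {banner} -> {'AFFECTED' if affected else 'ok'}")
```

Feed it the output of `openssl version` collected from each host (or the `ssl.OPENSSL_VERSION` of an application's interpreter) and it returns the hosts still inside the range the advisory names; a plain string comparison would get "1.0.1h" versus "1.0.10" wrong, which is why the letters are converted to a number first.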
Found a problem in the description? Have something to add? Feel free to write to us 👾
Related identifiers
Affected products
Alt Linux
Centos
Huawei Vrp
Ibm Aix
Junos
Mariadb Server
Openssl
Red Hat
Suse
Ubuntu
Vmware Vcenter