PT-2009-6750 · Openssl+3 · Openssl+4
Tomas Hoger · Published 1970-01-01 · Updated 2022-08-04 · CVE-2010-4180
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSL versions prior to 0.9.8q
OpenSSL versions 1.0.x prior to 1.0.0c
openssl-devel-0.9.7a
openssl-0.9.7a
compat-openssl097g
compat-openssl097g-32bit
openssl (prior to version 1.0.0e)
Description
The issue involves multiple vulnerabilities in the OpenSSL package that can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely, potentially allowing attackers to force a downgrade to an unintended cipher or gain unauthorized access to encrypted data. They may also lead to denial of service or unauthorized modification of data.
Recommendations
For OpenSSL versions prior to 0.9.8q, update to version 0.9.8q or later.
For OpenSSL versions 1.0.x prior to 1.0.0c, update to version 1.0.0c or later.
For openssl-devel-0.9.7a, update to a version that is not affected by the vulnerability.
For openssl-0.9.7a, update to a version that is not affected by the vulnerability.
For compat-openssl097g, update to a version that is not affected by the vulnerability.
For compat-openssl097g-32bit, update to a version that is not affected by the vulnerability.
For openssl (prior to version 1.0.0e), update to version 1.0.0e or later.
As a temporary workaround, consider restricting access to the vulnerable SSL/TLS implementation until a patch is available.
Exploit
Fix
RCE
Affected Products
HPE iLO
HP-UX
OpenSSL
Red Hat
SUSE