CVE-2010-5298

Published: 08 Apr 2014
Source: redhat
CVSS2: 4.3
EPSS: Medium

Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Report

This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Not affected | | |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | | |
| Red Hat Enterprise Linux 6 | guest-images | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | | |
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | | |
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1087195 openssl: freelist misuse causing a possible use-after-free

EPSS

Percentile: 94%
0.14635
Medium

CVSS2

4.3 Medium

Related vulnerabilities

ubuntu
about 11 years ago

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

nvd
about 11 years ago

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

debian
about 11 years ago

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...

github
about 3 years ago

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

oracle-oval
almost 11 years ago

ELSA-2014-0679: openssl security update (IMPORTANT)
