Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-2939

Опубликовано: 17 авг. 2010
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3

Описание

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

РелизСтатусПримечание
dapper

released

0.9.8a-7ubuntu0.13
devel

released

0.9.8o-1ubuntu4.1
hardy

released

0.9.8g-4ubuntu3.11
jaunty

released

0.9.8g-15ubuntu3.6
karmic

released

0.9.8g-16ubuntu3.3
lucid

released

0.9.8k-7ubuntu8.3
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

hardy

DNE

jaunty

DNE

karmic

DNE

lucid

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-2939

redhat
больше 15 лет назад

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

nvd логотип

CVE-2010-2939

nvd
больше 15 лет назад

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

debian логотип

CVE-2010-2939

debian
больше 15 лет назад

Double free vulnerability in the ssl3_get_key_exchange function in the ...

github логотип

GHSA-f7m9-58qq-wp2m

github
больше 3 лет назад

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

fstec логотип

BDU:2015-09418

CVSS3: 7.3
fstec
больше 14 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

4.3 Medium

CVSS2