CVE-2010-3864
Published Nov 17, 2010
Last updated 2 years ago
Overview
- Description
- Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-362
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677"
}
],
"operator": "OR"
}
]
}
]