Russian Vulnerability Scanner Database

Back to List

CVE-2010-5298

Scores

EPSS

0.107very_low10.7%
0%20%40%60%80%100%

Percentile: 10.7%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-362CWE-416

Related Vulnerabilities

BDU:2015-09698

Exploits

Exploit ID: CVE-2014-0195

Source: github-poc

URL: https://github.com/PezwariNaan/CVE-2014-0195

Exploit ID: CVE-2014-0224

Source: github-poc

URL: https://github.com/secretnonempty/CVE-2014-0224

Recommendations

Source: nvd

All OpenSSL users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=dev-libs/openssl-1.0.1h-r1”

URL: http://security.gentoo.org/glsa/glsa-201407-05.xml

Vulnerable Software (27)

Type: Configuration

Product: i586-libcrypto10

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: i586-libssl-devel

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: i586-libssl-devel-static

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: i586-libssl10

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: i586-openssl-engines

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: libcrypto10

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: libssl-devel

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: libssl-devel-static

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: libssl10

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 6

Trait: 
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 7

Trait: 
{  "fixed": "1.0.1e-34.el7_0.3"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: ubuntu trusty 14.04

Trait: 
{  "fixed": "1.0.1f-1ubuntu2.1"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: debian

Trait: 
{  "fixed": "1.0.1g-3"}

Source: debian

Type: Configuration

Product: openssl

Operating System: debian squeeze 6

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: openssl

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: openssl-doc

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: openssl-engines

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat

Type: Configuration

Product: openssl098

Operating System: ubuntu trusty 14.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: tsget

Operating System: altlinux

Trait: 
{  "fixed": "0:1.0.1h-alt1"}

Source: redhat