CVE-2010-5298 in OpenSSLinfo

Summary

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Once again VulDB remains the best source for vulnerability data.

Reservation

04/14/2014

Disclosure

04/14/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
13456	OpenSSL SSL Mode Release Buffers ssl3_read_bytes race condition	362	Not defined	Official fix	CVE-2010-5298
13014	OpenSSL Multithreading s3_pkt.c ssl3_read_bytes race condition	362	Unproven	Official fix	CVE-2010-5298

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!