[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0740Date: (C)2010-03-26   (M)2024-03-26


The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1023748
http://www.securityfocus.com/archive/1/516397/100/0/threaded
SECUNIA-39932
SECUNIA-42724
SECUNIA-42733
SECUNIA-43311
ADV-2010-0710
ADV-2010-0839
ADV-2010-0933
ADV-2010-1216
APPLE-SA-2011-06-23-1
FEDORA-2010-5744
HPSBUX02517
HPSBUX02531
MDVSA-2010:076
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://support.apple.com/kb/HT4723
http://www.openssl.org/news/secadv_20100324.txt
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://kb.bluecoat.com/index?page=content&id=SA50
oval:org.mitre.oval:def:11731

CPE    8
cpe:/a:openssl:openssl:0.9.8g
cpe:/a:openssl:openssl:0.9.8h
cpe:/a:openssl:openssl:0.9.8i
cpe:/a:openssl:openssl:0.9.8j
...
CWE    1
CWE-20
OVAL    10
oval:org.secpod.oval:def:21271
oval:org.secpod.oval:def:2875
oval:org.secpod.oval:def:842
oval:org.secpod.oval:def:100122
...

© SecPod Technologies