[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0740

Date: (C)2010-03-26   (M)2017-09-22
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Reference:
SECTRACK-1023748
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
SECUNIA-39932
SECUNIA-42724
SECUNIA-42733
SECUNIA-43311
ADV-2010-0710
ADV-2010-0839
ADV-2010-0933
ADV-2010-1216
APPLE-SA-2011-06-23-1
FEDORA-2010-5744
IAVM:2011-A-0066
MDVSA-2010:076
SSRT100058
SSRT100108
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://support.apple.com/kb/HT4723
http://www.openssl.org/news/secadv_20100324.txt
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://kb.bluecoat.com/index?page=content&id=SA50

CPE    8
cpe:/a:openssl:openssl:0.9.8g
cpe:/a:openssl:openssl:0.9.8h
cpe:/a:openssl:openssl:0.9.8i
cpe:/a:openssl:openssl:0.9.8j
...
CWE    1
CWE-20
OVAL    10
oval:org.secpod.oval:def:301159
oval:org.secpod.oval:def:100122
oval:org.secpod.oval:def:100033
oval:org.secpod.oval:def:301182
...

© 2013 SecPod Technologies