Vulnerable software (CPE):
  cpe:/a:openssl:openssl:0.9.8f
  cpe:/a:openssl:openssl:0.9.8g
  cpe:/a:openssl:openssl:0.9.8h
  cpe:/a:openssl:openssl:0.9.8i
  cpe:/a:openssl:openssl:0.9.8j
  cpe:/a:openssl:openssl:0.9.8k
  cpe:/a:openssl:openssl:0.9.8l
  cpe:/a:openssl:openssl:0.9.8m
  cpe:/a:openssl:openssl:0.9.8n
  cpe:/a:openssl:openssl:0.9.8o
  cpe:/a:openssl:openssl:1.0.0
  cpe:/a:openssl:openssl:1.0.0a

CVE ID: CVE-2010-3864
Published: 2010-11-17T11:00:01.763-05:00
Last modified: 2016-08-22T22:02:19.030-04:00

CVSS v2 base score: 7.6
  Access vector: NETWORK
  Access complexity: HIGH
  Authentication: NONE
  Confidentiality impact: COMPLETE
  Integrity impact: COMPLETE
  Availability impact: COMPLETE
  Source: http://nvd.nist.gov
  Generated: 2010-11-18T09:16:00.000-05:00

References:
  SECTRACK 1024743
  BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  SECUNIA 42241
  SECUNIA 42243
  SECUNIA 42309
  SECUNIA 42336
  SECUNIA 42352
  SECUNIA 42397
  SECUNIA 42413
  SECUNIA 43312
  SECUNIA 44269
  VUPEN ADV-2010-3041
  VUPEN ADV-2010-3077
  VUPEN ADV-2010-3097
  VUPEN ADV-2010-3121
  APPLE APPLE-SA-2011-06-23-1
  DEBIAN DSA-2125
  FEDORA FEDORA-2010-17826
  FEDORA FEDORA-2010-17827
  FEDORA FEDORA-2010-17847
  FREEBSD FreeBSD-SA-10:10
  HP HPSBGN02740
  HP HPSBMA02658
  IAVM IAVM:2011-A-0066
  REDHAT RHSA-2010:0888
  SLACKWARE SSA:2010-326-01
  HP SSRT100339
  HP SSRT100413
  HP SSRT100475
  HP SSRT100741
  SUSE SUSE-SR:2010:022
  CERT-VN VU#737740
  MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
  MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
  CONFIRM http://blogs.sun.com/security/entry/cve_2010_3864_race_condition
  CONFIRM http://openssl.org/news/secadv_20101116.txt
  CONFIRM http://support.apple.com/kb/HT4723
  CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
  CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-11.html
  CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=649304

Summary:
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.