Lucene search

K
cve[email protected]CVE-2010-2939
HistoryAug 17, 2010 - 8:00 p.m.

CVE-2010-2939

2010-08-1720:00:00
CWE-399
web.nvd.nist.gov
59
cve
2010-2939
double free
openssl
vulnerability
ssl
denial of service
crash
arbitrary code
nvd

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.955 High

EPSS

Percentile

99.3%

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

References

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.955 High

EPSS

Percentile

99.3%

Related for CVE-2010-2939