Lucene search

K

[email protected]NVD:CVE-2010-0740

HistoryMar 26, 2010 - 6:30 p.m.

CVE-2010-0740

2010-03-2618:30:00

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.956 High

EPSS

Percentile

99.4%

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

opensslopensslMatch0.9.8f

OR

opensslopensslMatch0.9.8g

OR

opensslopensslMatch0.9.8h

OR

opensslopensslMatch0.9.8i

OR

opensslopensslMatch0.9.8j

OR

opensslopensslMatch0.9.8k

OR

opensslopensslMatch0.9.8l

OR

opensslopensslMatch0.9.8m

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

marc.info/?l=bugtraq&m=127128920008563&w=2

marc.info/?l=bugtraq&m=127557640302499&w=2

secunia.com/advisories/39932

secunia.com/advisories/42724

secunia.com/advisories/42733

secunia.com/advisories/43311

support.apple.com/kb/HT4723

www.mandriva.com/security/advisories?name=MDVSA-2010:076

www.openssl.org/news/secadv_20100324.txt

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securitytracker.com/id?1023748

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0710

www.vupen.com/english/advisories/2010/0839

www.vupen.com/english/advisories/2010/0933

www.vupen.com/english/advisories/2010/1216

kb.bluecoat.com/index?page=content&id=SA50

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.956 High

EPSS

Percentile

99.4%

Related for NVD:CVE-2010-0740

nessus13 f52 openvas25 ubuntucve1 checkpoint_advisories2 debiancve1 intel1 seebug2 openssl1 exploitpack1 cvelist1 cve1 prion1 exploitdb1 altlinux4 slackware1 securityvulns4 fedora4 gentoo1