Lucene search

[email protected]NVD:CVE-2010-0742

HistoryJun 03, 2010 - 2:30 p.m.

CVE-2010-0742

2010-06-0314:30:01

CWE-310

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.251 Low

EPSS

Percentile

96.7%

JSON

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8n

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

Node

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

References

cvs.openssl.org/chngview?cn=19693

cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1

marc.info/?l=bugtraq&m=129138643405740&w=2

rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest

secunia.com/advisories/40000

secunia.com/advisories/40024

secunia.com/advisories/42457

secunia.com/advisories/42724

secunia.com/advisories/42733

secunia.com/advisories/57353

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.openssl.org/news/secadv_20100601.txt

www.securityfocus.com/bid/40502

www.vupen.com/english/advisories/2010/1313

www.vupen.com/english/advisories/2010/3105

bugzilla.redhat.com/show_bug.cgi?id=598738

kb.bluecoat.com/index?page=content&id=SA50

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.251 Low

EPSS

Percentile

96.7%

JSON

Related for NVD:CVE-2010-0742

altlinux4 cvelist1 nessus11 cve1 seebug2 openvas20 attackerkb1 openssl1 checkpoint_advisories1 f52 prion1 ubuntucve1 debiancve1 fedora7 gentoo1 ibm6 lenovo2 oraclelinux3