Lucene search

[email protected]NVD:CVE-2010-3864

HistoryNov 17, 2010 - 4:00 p.m.

CVE-2010-3864

2010-11-1716:00:01

CWE-362

[email protected]

web.nvd.nist.gov

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.335 Low

EPSS

Percentile

97.1%

JSON

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Affected configurations

NVD

Node

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0a

References

blogs.sun.com/security/entry/cve_2010_3864_race_condition

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

marc.info/?l=bugtraq&m=129916880600544&w=2

marc.info/?l=bugtraq&m=130497251507577&w=2

marc.info/?l=bugtraq&m=132828103218869&w=2

openssl.org/news/secadv_20101116.txt

secunia.com/advisories/42241

secunia.com/advisories/42243

secunia.com/advisories/42309

secunia.com/advisories/42336

secunia.com/advisories/42352

secunia.com/advisories/42397

secunia.com/advisories/42413

secunia.com/advisories/43312

secunia.com/advisories/44269

secunia.com/advisories/57353

security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc

securitytracker.com/id?1024743

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793

support.apple.com/kb/HT4723

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.adobe.com/support/security/bulletins/apsb11-11.html

www.debian.org/security/2010/dsa-2125

www.kb.cert.org/vuls/id/737740

www.securityfocus.com/archive/1/516397/100/0/threaded

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2010/3041

www.vupen.com/english/advisories/2010/3077

www.vupen.com/english/advisories/2010/3097

www.vupen.com/english/advisories/2010/3121

bugzilla.redhat.com/show_bug.cgi?id=649304

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

rhn.redhat.com/errata/RHSA-2010-0888.html

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.335 Low

EPSS

Percentile

97.1%

JSON

Related for NVD:CVE-2010-3864

freebsd1 redhat1 nessus27 openvas38 osv1 f52 openssl1 securityvulns5 debian2 debiancve1 prion1 ubuntu1 fedora8 ubuntucve1 cvelist1 cve1 slackware1 oraclelinux5 altlinux4 freebsd_advisory1 ibm8 cert1 gentoo1