Lucene search

K
opensslOpenSSLOPENSSL:CVE-2010-5298
HistoryApr 08, 2014 - 12:00 a.m.

Vulnerability in OpenSSL - SSL_MODE_RELEASE_BUFFERS session injection or denial of service

2014-04-0800:00:00
www.openssl-library.org
55

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

AI Score

7

Confidence

High

EPSS

0.029

Percentile

90.8%

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

Affected configurations

Vulners
Node
opensslopensslRange1.0.11.0.1h
OR
opensslopensslRange1.0.01.0.0m
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

AI Score

7

Confidence

High

EPSS

0.029

Percentile

90.8%