Metric | Value |
---|---|
CVSS v2 base score | 4.3 Medium |
CVSS v2 vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
EPSS | 0.955 High |
EPSS Percentile | 99.3% |
Double free vulnerability in the ssl3_get_key_exchange function in the
OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and
possibly other versions, when using ECDH, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted private key with an invalid prime. NOTE: some
sources refer to this as a use-after-free issue.
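The description above names the bug class but not its shape. The following is an added, constructed C example (not OpenSSL's `ssl3_get_key_exchange` and not taken from any OpenSSL commit) that models the control-flow pattern behind a double free of this kind: temporaries are freed on the way to success without clearing the pointers, and a later failure jumps to a shared error label that frees them again. The names `ctx` and `point`, the simulated verification step, and the small heap checker are assumptions chosen only to make the two paths comparable; the checker counts a repeated free instead of aborting, which is roughly what glibc's double-free detection does before it kills the process.

```c
/* Constructed illustration of the CVE-2010-2939 bug pattern. Not OpenSSL code;
 * ctx, point, the "verify" step and the checker below are assumptions. */
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for a heap double-free check: remember freed blocks and refuse to
 * free one twice. glibc's own check aborts; this one counts and returns so the
 * vulnerable and fixed shapes can be run side by side. */
#define MAX_FREED 16
static void *freed[MAX_FREED];
static int nfreed;
static int double_frees;

static void reset_checker(void)
{
    nfreed = 0;
    double_frees = 0;
}

static void *checked_malloc(size_t n)
{
    void *p = malloc(n);
    int i;
    /* An address handed out again is live: forget it so its next free is legal. */
    for (i = 0; i < nfreed; i++)
        if (freed[i] == p)
            freed[i] = freed[--nfreed];
    return p;
}

static void checked_free(void *p)
{
    int i;
    if (p == NULL)
        return;
    for (i = 0; i < nfreed; i++)
        if (freed[i] == p) {
            double_frees++;   /* second free of the same block: not passed to free() */
            return;
        }
    if (nfreed < MAX_FREED)
        freed[nfreed++] = p;
    free(p);
}

/* Vulnerable shape: returns 0 on success, -1 on failure. The early frees leave
 * ctx and point dangling, so the err: cleanup frees both a second time. */
static int key_exchange_vulnerable(int verify_ok)
{
    unsigned char *ctx = checked_malloc(64);
    unsigned char *point = checked_malloc(64);

    if (ctx == NULL || point == NULL)
        goto err;
    /* ... parameters parsed into point using ctx; temporaries no longer needed ... */
    checked_free(ctx);
    checked_free(point);
    /* A later step (e.g. a signature check over the parameters) can still fail. */
    if (!verify_ok)
        goto err;
    return 0;
err:
    if (ctx != NULL)
        checked_free(ctx);
    if (point != NULL)
        checked_free(point);
    return -1;
}

/* Fixed shape: each early free also clears its pointer, so the shared cleanup
 * sees NULL and skips it. */
static int key_exchange_fixed(int verify_ok)
{
    unsigned char *ctx = checked_malloc(64);
    unsigned char *point = checked_malloc(64);

    if (ctx == NULL || point == NULL)
        goto err;
    checked_free(ctx);
    ctx = NULL;
    checked_free(point);
    point = NULL;
    if (!verify_ok)
        goto err;
    return 0;
err:
    checked_free(ctx);    /* NULL is a no-op */
    checked_free(point);
    return -1;
}

/* Run one scenario from a clean checker state; returns how many blocks were
 * freed twice and stores the routine's return code in *rc. */
static int double_frees_in(int fixed, int verify_ok, int *rc)
{
    int r;
    reset_checker();
    r = fixed ? key_exchange_fixed(verify_ok) : key_exchange_vulnerable(verify_ok);
    if (rc != NULL)
        *rc = r;
    return double_frees;
}

int main(void)
{
    int rc, d;
    d = double_frees_in(0, 0, &rc);
    printf("vulnerable, verify fails: rc=%d, double frees=%d\n", rc, d);
    d = double_frees_in(1, 0, &rc);
    printf("fixed, verify fails:      rc=%d, double frees=%d\n", rc, d);
    return 0;
}
```

The check that matters is the failing-verification case: the vulnerable shape frees both temporaries twice, the fixed shape frees each once. Against a real allocator the vulnerable case is usually caught by glibc's heap checks and the process aborts, which is why a crash (the description's denial of service) is the realistic outcome on such systems and why the note below raises the heap protection point; a build or allocator without that check is where the "possibly execute arbitrary code" qualifier applies.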
Author | Note |
---|---|
sbeattie | possibly stopped by glibc’s double-free heap protection, CVE asserts that it’s needed in 0.9.7, though the referenced email from solar designer claims that it’s not needed in 0.9.7 as ECDH hadn’t been introduced yet as of openssl 0.9.7m. |