ubuntucve | Ubuntu.com | UB:CVE-2010-2939
History: Aug 17, 2010 - 12:00 a.m.

CVE-2010-2939


CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.955 High
Percentile: 99.3%

Double free vulnerability in the ssl3_get_key_exchange function in the
OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and
possibly other versions, when using ECDH, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted private key with an invalid prime. NOTE: some
sources refer to this as a use-after-free issue.

Notes

Author: sbeattie
Note: possibly stopped by glibc’s double-free heap protection, CVE asserts that it’s needed in 0.9.7, though the referenced email from solar designer claims that it’s not needed in 0.9.7 as ECDH hadn’t been introduced yet as of openssl 0.9.7m.
OS      OS Version  Architecture  Package  Package Version         Filename
ubuntu  6.06        noarch        openssl  < 0.9.8a-7ubuntu0.13    UNKNOWN
ubuntu  8.04        noarch        openssl  < 0.9.8g-4ubuntu3.11    UNKNOWN
ubuntu  9.04        noarch        openssl  < 0.9.8g-15ubuntu3.6    UNKNOWN
ubuntu  9.10        noarch        openssl  < 0.9.8g-16ubuntu3.3    UNKNOWN
ubuntu  10.04       noarch        openssl  < 0.9.8k-7ubuntu8.3     UNKNOWN
