Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3864
HistoryNov 17, 2010 - 12:00 a.m.

CVE-2010-3864

2010-11-1700:00:00
ubuntu.com
ubuntu.com
8

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.335 Low

EPSS

Percentile

97.0%

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o,
1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on
a TLS server, might allow remote attackers to execute arbitrary code via
client data that triggers a heap-based buffer overflow, related to (1) the
TLS server name extension and (2) elliptic curve cryptography.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenssl< 0.9.8g-4ubuntu3.12UNKNOWN
ubuntu9.10noarchopenssl< 0.9.8g-16ubuntu3.4UNKNOWN
ubuntu10.04noarchopenssl< 0.9.8k-7ubuntu8.4UNKNOWN
ubuntu10.10noarchopenssl< 0.9.8o-1ubuntu4.2UNKNOWN

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.335 Low

EPSS

Percentile

97.0%

Related for UB:CVE-2010-3864