7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.335 Low
EPSS
Percentile
97.0%
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o,
1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on
a TLS server, might allow remote attackers to execute arbitrary code via
client data that triggers a heap-based buffer overflow, related to (1) the
TLS server name extension and (2) elliptic curve cryptography.