ID CVE-2010-2939
Summary Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 10-10-2018 - 20:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm http://www.vmware.com/security/advisories/VMSA-2011-0003.html
debian DSA-2100
freebsd FreeBSD-SA-10:10
fulldisc 20100807 openssl-1.0.0a
hp
  • HPSBMA02662
  • SSRT100409
mlist
  • [openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)
  • [openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)
  • [openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)
  • [oss-security] 20100812 Re: CVE Request: openssl double free
sectrack 1024296
secunia
  • 40906
  • 41105
  • 42309
  • 42413
  • 43312
slackware SSA:2010-326-01
suse SUSE-SR:2010:021
ubuntu USN-1003-1
vupen
  • ADV-2010-2038
  • ADV-2010-2229
  • ADV-2010-3077
Last major update 10-10-2018 - 20:00
Published 17-08-2010 - 20:00
Last modified 10-10-2018 - 20:00