CVE-2010-5298

Published: 14/04/2014 Updated: 29/08/2022
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 357
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P

Vulnerability Summary

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote malicious users to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Vulnerable Product

openssl openssl

mariadb mariadb

fedoraproject fedora 20

fedoraproject fedora 19

suse linux enterprise server 12

suse linux enterprise software development kit 12

suse linux enterprise desktop 12

suse linux enterprise workstation extension 12

Vendor Advisories

OpenSSL could be made to crash if it received specially crafted network traffic ...
Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to ...
Debian Bug report logs - #747432: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl. Reported by: Demetris Demetriou <mitsosgtir ...
Debian Bug report logs - #742923: openssl: CVE-2014-0076. Package: src:openssl; Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Sat, 29 Mar 2014 00:33:02 UTC; Severity: important; Tags: security; Found in version opens ...
Debian Bug report logs - #775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427. Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@tracker.debian.org>; Source for virtualbox is src:virtualbox. Reported by: Mori ...
Debian Bug report logs - #750665: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl. Reported by: Jeff Ballard < ...
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224). Note: In order to exploit this flaw, both the server and the client must ...
Overview: The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:
• CVE-2014-0224: SSL/TLS MITM vulnerability
• CVE-2014-0221: DTLS recursion flaw
• CVE-2014-0195: DTLS invalid fragment vulnerability
• CVE-2014-0198: SSL_MODE_RELEASE_BUFFE ...

Recent Articles

FireEye patches OS, torpedos Exploit-DB disclosure
The Register • Darren Pauli • 10 Jul 2014

Researcher suspended after zero-day dump

FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...

Weakness classification: CWE-362