Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote malicious users to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Vulnerable Product |
---|
openssl openssl |
mariadb mariadb |
fedoraproject fedora 20 |
fedoraproject fedora 19 |
suse linux enterprise server 12 |
suse linux enterprise software development kit 12 |
suse linux enterprise desktop 12 |
suse linux enterprise workstation extension 12 |

Researcher suspended after zero-day dump
FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...