Vulnerability DatabaseCVE-2010-5298
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-5298
April 14, 2014
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Related Resources (85)
http://secunia.com/advisories/59413
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://secunia.com/advisories/58939
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://secunia.com/advisories/59655
http://secunia.com/advisories/59438
http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.securityfocus.com/bid/66801
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://secunia.com/advisories/59287
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://marc.info/?l=bugtraq&m=140389274407904&w=2
http://www.ibm.com/support/docview.wss?uid=swg21676356
https://www.novell.com/support/kb/doc.php?id=7015271
http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www.openbsd.org/errata55.html#004_openssl
http://marc.info/?l=bugtraq&m=140621259019789&w=2
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=140389355508263&w=2
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://secunia.com/advisories/59301
http://marc.info/?l=bugtraq&m=140448122410568&w=2
http://secunia.com/advisories/59669
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/58713
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www.openssl.org/news/secadv_20140605.txt
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
https://kb.bluecoat.com/index?page=content&id=SA80
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://secunia.com/advisories/59450
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090
https://access.redhat.com/security/cve/CVE-2010-5298
http://secunia.com/advisories/59666
http://www.blackberry.com/btsc/KB36051
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
http://advisories.mageia.org/MGASA-2014-0187.html
http://secunia.com/advisories/59721
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://marc.info/?l=bugtraq&m=140431828824371&w=2
http://support.citrix.com/article/CTX140876
http://secunia.com/advisories/59490
http://secunia.com/advisories/58977
http://secunia.com/advisories/59342
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www.fortiguard.com/advisory/FG-IR-14-018/
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://marc.info/?l=bugtraq&m=141658880509699&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-5298
http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://secunia.com/advisories/59437
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://secunia.com/advisories/59162
http://secunia.com/advisories/59300
http://secunia.com/advisories/59440
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://secunia.com/advisories/58337
https://security-tracker.debian.org/tracker/CVE-2010-5298
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
http://openwall.com/lists/oss-security/2014/04/13/1
http://security.gentoo.org/glsa/glsa-201407-05.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
http://marc.info/?l=bugtraq&m=140544599631400&w=2
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
4
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
EPSS
Base Score:
10.73