National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2010-5298 Detail

Current Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Source:  MITRE      Last Modified:  04/14/2014      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2010-5298
Original release date:
04/14/2014
Last revised:
11/14/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.0 MEDIUM
Vector:
(AV:N/AC:H/Au:N/C:N/I:P/A:P) (legend)
Impact Subscore:
4.9
Exploitability Subscore:
4.9
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
High
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://advisories.mageia.org/MGASA-2014-0187.html External Source CONFIRM http://advisories.mageia.org/MGASA-2014-0187.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig External Source CONFIRM http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html External Source FEDORA FEDORA-2014-9301
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html External Source FEDORA FEDORA-2014-9308
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html External Source SUSE SUSE-SU-2015:0743
http://marc.info/?l=bugtraq&m=140389274407904&w=2 External Source HP HPSBMU03057
http://marc.info/?l=bugtraq&m=140389355508263&w=2 External Source HP HPSBMU03056
http://marc.info/?l=bugtraq&m=140431828824371&w=2 External Source HP HPSBMU03055
http://marc.info/?l=bugtraq&m=140448122410568&w=2 External Source HP HPSBMU03051
http://marc.info/?l=bugtraq&m=140544599631400&w=2 External Source HP HPSBGN03068
http://marc.info/?l=bugtraq&m=140621259019789&w=2 External Source HP HPSBMU03074
http://marc.info/?l=bugtraq&m=140752315422991&w=2 External Source HP HPSBMU03062
http://marc.info/?l=bugtraq&m=140904544427729&w=2 External Source HP HPSBMU03076
http://marc.info/?l=bugtraq&m=141658880509699&w=2 External Source HP HPSBHF03052
http://openwall.com/lists/oss-security/2014/04/13/1 Patch External Source MLIST [oss-security] 20140412 Use-after-free race condition,in OpenSSL's read buffer
http://seclists.org/fulldisclosure/2014/Dec/23 External Source FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://secunia.com/advisories/58337 External Source SECUNIA 58337
http://secunia.com/advisories/58713 External Source SECUNIA 58713
http://secunia.com/advisories/58977 External Source SECUNIA 58977
http://secunia.com/advisories/59287 External Source SECUNIA 59287
http://secunia.com/advisories/59437 External Source SECUNIA 59437
http://secunia.com/advisories/59440 External Source SECUNIA 59440
http://security.gentoo.org/glsa/glsa-201407-05.xml External Source GENTOO GLSA-201407-05
http://support.citrix.com/article/CTX140876 External Source CONFIRM http://support.citrix.com/article/CTX140876
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup External Source CONFIRM http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl External Source CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://www.blackberry.com/btsc/KB36051 External Source CONFIRM http://www.blackberry.com/btsc/KB36051
http://www.fortiguard.com/advisory/FG-IR-14-018/ External Source CONFIRM http://www.fortiguard.com/advisory/FG-IR-14-018/
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm External Source CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.ibm.com/support/docview.wss?uid=swg21676356 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676356
http://www.ibm.com/support/docview.wss?uid=swg24037783 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 External Source MANDRIVA MDVSA-2014:090
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 External Source MANDRIVA MDVSA-2015:062
http://www.openbsd.org/errata55.html#004_openssl External Source OPENBSD [5.5] 004: SECURITY FIX: April 12, 2014
http://www.openssl.org/news/secadv_20140605.txt External Source CONFIRM http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded External Source BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/bid/66801 External Source BID 66801
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse External Source MISC http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
http://www.vmware.com/security/advisories/VMSA-2014-0006.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kb.bluecoat.com/index?page=content&id=SA80 External Source CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest External Source MISC https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest External Source MISC https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
https://www.novell.com/support/kb/doc.php?id=7015271 External Source CONFIRM https://www.novell.com/support/kb/doc.php?id=7015271

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
Showing 100 of 107 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 13 change records found - show changes