CVE-2010-5298
Published: 14 April 2014
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced by https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8671b898609777c95aedf33743419a523874e6e8 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssl Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
| precise |
Released
(1.0.1-4ubuntu5.13)
|
|
| quantal |
Released
(1.0.1c-3ubuntu2.8)
|
|
| saucy |
Released
(1.0.1e-3ubuntu1.3)
|
|
| trusty |
Released
(1.0.1f-1ubuntu2.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d1f4b vendor: http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup vendor: http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig |
||
|
openssl098 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
(code not present)
|
|
| quantal |
Not vulnerable
(code not present)
|
|
| saucy |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
References
- http://openwall.com/lists/oss-security/2014/04/13/1
- http://openwall.com/lists/oss-security/2014/04/13/2
- http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
- http://www.openbsd.org/errata55.html#004_openssl
- https://ubuntu.com/security/notices/USN-2192-1
- https://www.cve.org/CVERecord?id=CVE-2010-5298
- NVD
- Launchpad
- Debian