CVE-2010-2939

Priority
Description
Double free vulnerability in the ssl3_get_key_exchange function in the
OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and
possibly other versions, when using ECDH, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted private key with an invalid prime. NOTE: some
sources refer to this as a use-after-free issue.
Notes
sbeattie> possibly stopped by glibc's double-free heap protection,
CVE asserts that it's needed in 0.9.7, though the referenced
email from solar designer claims that it's not needed in 0.9.7 as
ECDH hadn't been introduced yet as of openssl 0.9.7m.
Package
Upstream: needs-triage
Patches:
upstream: http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
This vulnerability is mitigated in part by the use of the GNU C Library heap protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#heap-protector
Package
Upstream: needs-triage

Updated: 2019-12-05 20:55:24 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)