CVE-2010-5298

Priority
Description
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a multithreaded
environment.
Notes
mdeslaurintroduced by https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8671b898609777c95aedf33743419a523874e6e8
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
More Information

Updated: 2020-03-18 22:05:05 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)