CVE-2010-2939

Severity

43%

Complexity

86%

Confidentiality

48%

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

OpenSSL Project OpenSSL

First reported 14 years ago

2010-08-17 20:00:00

Last updated 6 years ago

2018-10-10 20:00:00

Affected Software

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 1.0.0a

1.0.0a

References

SUSE-SR:2010:021

HPSBMA02662

20100807 openssl-1.0.0a

40906

Vendor Advisory

41105

42309

42413

43312

FreeBSD-SA-10:10

1024296

SSA:2010-326-01

DSA-2100

[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)

[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)

[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)

[oss-security] 20100812 Re: CVE Request: openssl double free

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

USN-1003-1

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

ADV-2010-2038