QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-2939

Back to search

CVE-2010-2939

Published: Aug 17, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

VendorProductVersions

n/a

n/a

affected
n/a

References

SSA:2010-326-01
vendor-advisory
x_refsource_SLACKWARE
HPSBMA02662
vendor-advisory
x_refsource_HP
42413
third-party-advisory
x_refsource_SECUNIA
40906
third-party-advisory
x_refsource_SECUNIA
DSA-2100
vendor-advisory
x_refsource_DEBIAN
20100807 openssl-1.0.0a
mailing-list
x_refsource_FULLDISC
ADV-2010-2229
vdb-entry
x_refsource_VUPEN
ADV-2010-2038
vdb-entry
x_refsource_VUPEN
1024296
vdb-entry
x_refsource_SECTRACK
USN-1003-1
vendor-advisory
x_refsource_UBUNTU
SSRT100409
vendor-advisory
x_refsource_HP
42309
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3077
vdb-entry
x_refsource_VUPEN
FreeBSD-SA-10:10
vendor-advisory
x_refsource_FREEBSD
43312
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:021
vendor-advisory
x_refsource_SUSE
41105
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now