Back to search
CVE-2010-5298
Published: Apr 14, 2014
Modified: Aug 7, 2024
PUBLISHED
Description
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
59342
third-party-advisory
x_refsource_SECUNIA
59669
third-party-advisory
x_refsource_SECUNIA
66801
vdb-entry
x_refsource_BID
HPSBGN03068
vendor-advisory
x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
x_refsource_CONFIRM
HPSBMU03074
vendor-advisory
x_refsource_HP
59300
third-party-advisory
x_refsource_SECUNIA
GLSA-201407-05
vendor-advisory
x_refsource_GENTOO
http://www.ibm.com/support/docview.wss?uid=swg24037783
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676529
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
x_refsource_CONFIRM
FEDORA-2014-9308
vendor-advisory
x_refsource_FEDORA
MDVSA-2014:090
vendor-advisory
x_refsource_MANDRIVA
59440
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
59655
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21677836
x_refsource_CONFIRM
59437
third-party-advisory
x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
x_refsource_CONFIRM
http://www.fortiguard.com/advisory/FG-IR-14-018/
x_refsource_CONFIRM
SUSE-SU-2015:0743
vendor-advisory
x_refsource_SUSE
http://www.ibm.com/support/docview.wss?uid=swg21676356
x_refsource_CONFIRM
HPSBMU03057
vendor-advisory
x_refsource_HP
http://support.citrix.com/article/CTX140876
x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0187.html
x_refsource_CONFIRM
58939
third-party-advisory
x_refsource_SECUNIA
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
vendor-advisory
x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
x_refsource_CONFIRM
59438
third-party-advisory
x_refsource_SECUNIA
HPSBHF03052
vendor-advisory
x_refsource_HP
http://www.openssl.org/news/secadv_20140605.txt
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_FULLDISC
59301
third-party-advisory
x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA80
x_refsource_CONFIRM
HPSBMU03076
vendor-advisory
x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
x_refsource_CONFIRM
FEDORA-2014-9301
vendor-advisory
x_refsource_FEDORA
HPSBMU03062
vendor-advisory
x_refsource_HP
HPSBMU03056
vendor-advisory
x_refsource_HP
HPSBMU03051
vendor-advisory
x_refsource_HP
59666
third-party-advisory
x_refsource_SECUNIA
HPSBMU03055
vendor-advisory
x_refsource_HP
59413
third-party-advisory
x_refsource_SECUNIA
[5.5] 004: SECURITY FIX: April 12, 2014
vendor-advisory
x_refsource_OPENBSD
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
x_refsource_CONFIRM
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
x_refsource_CONFIRM
59721
third-party-advisory
x_refsource_SECUNIA
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
x_refsource_CONFIRM
58713
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
x_refsource_CONFIRM
MDVSA-2015:062
vendor-advisory
x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
x_refsource_CONFIRM
59450
third-party-advisory
x_refsource_SECUNIA
59287
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
x_refsource_CONFIRM
58977
third-party-advisory
x_refsource_SECUNIA
https://www.novell.com/support/kb/doc.php?id=7015271
x_refsource_CONFIRM
http://www.blackberry.com/btsc/KB36051
x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
x_refsource_CONFIRM
58337
third-party-advisory
x_refsource_SECUNIA
59162
third-party-advisory
x_refsource_SECUNIA
59490
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20140412 Use-after-free race condition,in OpenSSL's read buffer
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now