Vulnerability Details : CVE-2010-0740
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
Vulnerability category: Memory Corruption, Input validation, Denial of service
Products affected by CVE-2010-0740
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0740
EPSS score: 95.20% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2010-0740
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2010-0740
- Red Hat, 2010-03-27: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2010-0740
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731
  Repository / Oval Repository
- http://www.openssl.org/news/secadv_20100324.txt
  Patch; Vendor Advisory
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
  [SECURITY] Fedora 13 Update: openssl-1.0.0-1.fc13
- http://marc.info/?l=bugtraq&m=127557640302499&w=2
  '[security bulletin] HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Den' - MARC
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
- http://www.vupen.com/english/advisories/2010/0839
- http://www.securitytracker.com/id?1023748
  OpenSSL Record Processing Bug Lets Remote Users Deny Service - SecurityTracker
- http://support.apple.com/kb/HT4723
  About the security content of Mac OS X v10.6.8 and Security Update 2011-004 - Apple Support
- https://kb.bluecoat.com/index?page=content&id=SA50
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
  mandriva.com
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  VMSA-2011-0003.2
- http://www.vupen.com/english/advisories/2010/0710
  Patch; Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1216
- http://marc.info/?l=bugtraq&m=127128920008563&w=2
  '[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Inform' - MARC
- http://www.vupen.com/english/advisories/2010/0933
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
  Apple - Lists.apple.com
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
  SecurityFocus
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
  VMware vCenter Server 4.1 Update 1 Release Notes