// For flags

CVE-2010-2939

OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Vulnerabilidad de doble liberación en la función ssl3_get_key_exchange en el cliente OpenSSL (ssl/s3_clnt.c) de OpenSSL v1.0.0a, v0.9.8, v0.9.7, y posiblemente otras versiones, cuando usa ECDH, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de claves privadas manipuladas con un número no válido. NOTA: algunas fuentes se refieren a esto como un problema de uso después de la liberación.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-08-04 CVE Reserved
  • 2010-08-07 First Exploit
  • 2010-08-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (23)
URL Tag Source
http://seclists.org/fulldisclosure/2010/Aug/84 Mailing List
http://secunia.com/advisories/41105 Third Party Advisory
http://secunia.com/advisories/42309 Third Party Advisory
http://secunia.com/advisories/42413 Third Party Advisory
http://secunia.com/advisories/43312 Third Party Advisory
http://securitytracker.com/id?1024296 Vdb Entry
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html Mailing List
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html Mailing List
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html Mailing List
http://www.openwall.com/lists/oss-security/2010/08/11/6 Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0003.html X_refsource_confirm
http://www.vupen.com/english/advisories/2010/2229 Vdb Entry
http://www.vupen.com/english/advisories/2010/3077 Vdb Entry
URL Date SRC
https://www.exploit-db.com/exploits/34427 2010-08-07
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html 2023-11-07
http://marc.info/?l=bugtraq&m=130331363227777&w=2 2023-11-07
http://secunia.com/advisories/40906 2023-11-07
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc 2023-11-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 2023-11-07
http://www.debian.org/security/2010/dsa-2100 2023-11-07
http://www.ubuntu.com/usn/USN-1003-1 2023-11-07
http://www.vupen.com/english/advisories/2010/2038 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 0.9.7
Search vendor "Openssl" for product "Openssl" and version "0.9.7"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 0.9.8
Search vendor "Openssl" for product "Openssl" and version "0.9.8"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0a
Search vendor "Openssl" for product "Openssl" and version "1.0.0a"
-
Affected