CVE-2010-3864

OpenSSL TLS extension parsing race condition

Severity Score

7.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Múltiples vulnerabilidades de condición de carrera en ssl/t1_lib.c en OpenSSL v0.9.8f a la v0.9.8o, v1.0.0, y v1.0.0a, cuando la multi-hilo la caché interna está activada en el servidor TLS, podría permitir a atacantes remotos ejecutar código de su elección a través de datos del cliente que provocan un desbordamiento de búfer basado en memoria dinámica (heap), relacionado con (1)el nombre de extensión del servidor TLS y (2) la curva elíptica criptográfica.

*Credits: N/A

CVSS Scores

NISTv2 7.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-10-08 CVE Reserved
2010-11-17 CVE Published
2023-05-18 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (40)

URL	Tag	Source
http://blogs.sun.com/security/entry/cve_2010_3864_race_condition	X_refsource_confirm
http://secunia.com/advisories/42241	Third Party Advisory
http://secunia.com/advisories/42309	Third Party Advisory
http://secunia.com/advisories/42336	Third Party Advisory
http://secunia.com/advisories/42352	Third Party Advisory
http://secunia.com/advisories/42397	Third Party Advisory
http://secunia.com/advisories/42413	Third Party Advisory
http://secunia.com/advisories/43312	Third Party Advisory
http://secunia.com/advisories/44269	Third Party Advisory
http://secunia.com/advisories/57353	Third Party Advisory
http://support.apple.com/kb/HT4723	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564	X_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-11.html	X_refsource_confirm
http://www.kb.cert.org/vuls/id/737740	Third Party Advisory
http://www.securityfocus.com/archive/1/516397/100/0/threaded	Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0003.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2010/3041	Vdb Entry
http://www.vupen.com/english/advisories/2010/3077	Vdb Entry
http://www.vupen.com/english/advisories/2010/3097	Vdb Entry
http://www.vupen.com/english/advisories/2010/3121	Vdb Entry
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	Mailing List
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	Mailing List

URL	Date	SRC

URL	Date	SRC
http://openssl.org/news/secadv_20101116.txt	2023-02-13
http://securitytracker.com/id?1024743	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=649304	2010-11-16

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	2023-02-13
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html	2023-02-13
http://marc.info/?l=bugtraq&m=129916880600544&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=130497251507577&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=132828103218869&w=2	2023-02-13
http://secunia.com/advisories/42243	2023-02-13
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc	2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793	2023-02-13
http://www.debian.org/security/2010/dsa-2125	2023-02-13
https://rhn.redhat.com/errata/RHSA-2010-0888.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3864	2010-11-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8m Search vendor "Openssl" for product "Openssl" and version "0.9.8m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8n Search vendor "Openssl" for product "Openssl" and version "0.9.8n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8o Search vendor "Openssl" for product "Openssl" and version "0.9.8o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected