// For flags

CVE-2010-5298

openssl: freelist misuse causing a possible use-after-free

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar una denegación de servicio (error de uso después de liberación y análisis sintáctico) a través de una conexión SSL en un entorno con múltiples hilos.

OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-04-14 CVE Reserved
  • 2014-04-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-416: Use After Free
CAPEC
References (83)
URL Tag Source
http://advisories.mageia.org/MGASA-2014-0187.html Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List
http://secunia.com/advisories/58337 Not Applicable
http://secunia.com/advisories/58713 Not Applicable
http://secunia.com/advisories/58939 Not Applicable
http://secunia.com/advisories/58977 Not Applicable
http://secunia.com/advisories/59162 Not Applicable
http://secunia.com/advisories/59287 Not Applicable
http://secunia.com/advisories/59300 Not Applicable
http://secunia.com/advisories/59301 Not Applicable
http://secunia.com/advisories/59342 Not Applicable
http://secunia.com/advisories/59413 Not Applicable
http://secunia.com/advisories/59437 Not Applicable
http://secunia.com/advisories/59438 Not Applicable
http://secunia.com/advisories/59440 Not Applicable
http://secunia.com/advisories/59450 Not Applicable
http://secunia.com/advisories/59490 Not Applicable
http://secunia.com/advisories/59655 Not Applicable
http://secunia.com/advisories/59666 Not Applicable
http://secunia.com/advisories/59669 Not Applicable
http://secunia.com/advisories/59721 Not Applicable
http://support.citrix.com/article/CTX140876 Third Party Advisory
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 Broken Link
http://www.blackberry.com/btsc/KB36051 Broken Link
http://www.fortiguard.com/advisory/FG-IR-14-018 Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783 Third Party Advisory
http://www.openssl.org/news/secadv_20140605.txt Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Mailing List
http://www.securityfocus.com/bid/66801 Third Party Advisory
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80 Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 Broken Link
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest Broken Link
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest Broken Link
https://www.novell.com/support/kb/doc.php?id=7015271 Third Party Advisory
URL Date SRC
URL Date SRC
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig 2022-08-29
http://openwall.com/lists/oss-security/2014/04/13/1 2022-08-29
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html 2022-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html 2022-08-29
http://marc.info/?l=bugtraq&m=140389274407904&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140389355508263&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140431828824371&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140448122410568&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140544599631400&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140621259019789&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140752315422991&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=140904544427729&w=2 2022-08-29
http://marc.info/?l=bugtraq&m=141658880509699&w=2 2022-08-29
http://security.gentoo.org/glsa/glsa-201407-05.xml 2022-08-29
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl 2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 2022-08-29
http://www.openbsd.org/errata55.html#004_openssl 2022-08-29
https://access.redhat.com/security/cve/CVE-2010-5298 2014-06-10
https://bugzilla.redhat.com/show_bug.cgi?id=1087195 2014-06-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 1.0.1g
Search vendor "Openssl" for product "Openssl" and version " <= 1.0.1g"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.0.0 < 10.0.13
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.13"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 19
Search vendor "Fedoraproject" for product "Fedora" and version "19"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 20
Search vendor "Fedoraproject" for product "Fedora" and version "20"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Workstation Extension
Search vendor "Suse" for product "Linux Enterprise Workstation Extension"
 12
Search vendor "Suse" for product "Linux Enterprise Workstation Extension" and version "12"
-
Affected