CVE-2010-5298

openssl: freelist misuse causing a possible use-after-free

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar una denegación de servicio (error de uso después de liberación y análisis sintáctico) a través de una conexión SSL en un entorno con múltiples hilos.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-04-14 CVE Reserved
2014-04-14 CVE Published
2024-05-05 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416: Use After Free

CAPEC

References (83)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0187.html	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List
http://secunia.com/advisories/58337	Not Applicable
http://secunia.com/advisories/58713	Not Applicable
http://secunia.com/advisories/58939	Not Applicable
http://secunia.com/advisories/58977	Not Applicable
http://secunia.com/advisories/59162	Not Applicable
http://secunia.com/advisories/59287	Not Applicable
http://secunia.com/advisories/59300	Not Applicable
http://secunia.com/advisories/59301	Not Applicable
http://secunia.com/advisories/59342	Not Applicable
http://secunia.com/advisories/59413	Not Applicable
http://secunia.com/advisories/59437	Not Applicable
http://secunia.com/advisories/59438	Not Applicable
http://secunia.com/advisories/59440	Not Applicable
http://secunia.com/advisories/59450	Not Applicable
http://secunia.com/advisories/59490	Not Applicable
http://secunia.com/advisories/59655	Not Applicable
http://secunia.com/advisories/59666	Not Applicable
http://secunia.com/advisories/59669	Not Applicable
http://secunia.com/advisories/59721	Not Applicable
http://support.citrix.com/article/CTX140876	Third Party Advisory
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Broken Link
http://www.blackberry.com/btsc/KB36051	Broken Link
http://www.fortiguard.com/advisory/FG-IR-14-018	Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
http://www.openssl.org/news/secadv_20140605.txt	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/66801	Third Party Advisory
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80	Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Broken Link
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest	Broken Link
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest	Broken Link
https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig	2022-08-29
http://openwall.com/lists/oss-security/2014/04/13/1	2022-08-29

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2022-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	2022-08-29
http://marc.info/?l=bugtraq&m=140389274407904&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140389355508263&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140431828824371&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140448122410568&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140544599631400&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140621259019789&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140752315422991&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=140904544427729&w=2	2022-08-29
http://marc.info/?l=bugtraq&m=141658880509699&w=2	2022-08-29
http://security.gentoo.org/glsa/glsa-201407-05.xml	2022-08-29
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl	2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090	2022-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	2022-08-29
http://www.openbsd.org/errata55.html#004_openssl	2022-08-29
https://access.redhat.com/security/cve/CVE-2010-5298	2014-06-10
https://bugzilla.redhat.com/show_bug.cgi?id=1087195	2014-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				<= 1.0.1g Search vendor "Openssl" for product "Openssl" and version " <= 1.0.1g"		-		Affected
Mariadb Search vendor "Mariadb"		Mariadb Search vendor "Mariadb" for product "Mariadb"				>= 10.0.0 < 10.0.13 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.13"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				19 Search vendor "Fedoraproject" for product "Fedora" and version "19"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				20 Search vendor "Fedoraproject" for product "Fedora" and version "20"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit"				12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Workstation Extension Search vendor "Suse" for product "Linux Enterprise Workstation Extension"				12 Search vendor "Suse" for product "Linux Enterprise Workstation Extension" and version "12"		-		Affected