CVE-2010-0740

OpenSSL 0.9.8f-0.9.8m - Denial of Service via Malformed TLS Record

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0740. PoCs published by Andi.

AI-analyzed exploit summary This exploit triggers a NULL pointer dereference in OpenSSL by manipulating the SSL version to DTLS1_BAD_VER or DTLS1_VERSION, causing a denial-of-service (DoS) condition. It establishes an SSL connection and sends malformed packets to exploit CVE-2010-0740.

Description

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andi · cdoslinux
https://www.exploit-db.com/exploits/12334

This exploit triggers a NULL pointer dereference in OpenSSL by manipulating the SSL version to DTLS1_BAD_VER or DTLS1_VERSION, causing a denial-of-service (DoS) condition. It establishes an SSL connection and sends malformed packets to exploit CVE-2010-0740.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL 0.9.8f through 0.9.8m
No auth needed
Prerequisites: Network access to target SSL/TLS service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (24)

Core 24
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42724
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4723
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127557640302499&w=2
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Patch, Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20100324.txt
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0710
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0839
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127128920008563&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023748
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39932
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0933
Various Sources x_refsource_confirm
https://kb.bluecoat.com/index?page=content&id=SA50
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43311
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1216
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42733
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

Scores

EPSS 0.2035
EPSS Percentile 97.2%

Details

CWE
CWE-20
Status published
Products (8)
openssl/openssl 0.9.8f
openssl/openssl 0.9.8g
openssl/openssl 0.9.8h
openssl/openssl 0.9.8i
openssl/openssl 0.9.8j
openssl/openssl 0.9.8k
openssl/openssl 0.9.8l
openssl/openssl 0.9.8m
Published Mar 26, 2010
Tracked Since Feb 18, 2026