CVE-2010-2939

OpenSSL <1.0.0a-0.9.7 - Use After Free

Title source: llm

Description

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Georgi Guninski · textdoslinux

https://www.exploit-db.com/exploits/34427

View Code ZIP pw:eip

References (22)

Core 22

Core References

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2010/Aug/84

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793

Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=130331363227777&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42413

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40906

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2010/dsa-2100

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/08/11/6

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2229

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2038

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1024296

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1003-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42309

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3077

Various Sources vendor-advisory x_refsource_freebsd

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43312

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html

Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/516397/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41105

Scores

EPSS 0.1027

EPSS Percentile 93.2%

Details

CWE

CWE-399

Status published

Products (3)

openssl/openssl 0.9.7

openssl/openssl 0.9.8

openssl/openssl 1.0.0a

Published Aug 17, 2010

Tracked Since Feb 18, 2026