CVE-2010-2939

OpenSSL <1.0.0a-0.9.7 - Use After Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2939. PoCs published by Georgi Guninski.

AI-analyzed exploit summary The provided text is a vulnerability description for CVE-2020-1967, a memory corruption issue in OpenSSL 1.1.1d and earlier. It lacks exploit code but references a binary exploit available via a GitLab link.

Description

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Georgi Guninski · textdoslinux
https://www.exploit-db.com/exploits/34427

The provided text is a vulnerability description for CVE-2020-1967, a memory corruption issue in OpenSSL 1.1.1d and earlier. It lacks exploit code but references a binary exploit available via a GitLab link.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: OpenSSL 1.1.1d and earlier
No auth needed
Prerequisites: Network access to a vulnerable OpenSSL instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Aug/84
Mailing List mailing-list x_refsource_mlist
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130331363227777&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42413
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40906
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2100
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/11/6
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2229
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2038
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024296
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1003-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42309
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3077
Various Sources vendor-advisory x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43312
Mailing List mailing-list x_refsource_mlist
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
Mailing List mailing-list x_refsource_mlist
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41105

Scores

EPSS 0.0998
EPSS Percentile 95.0%

Details

CWE
CWE-399
Status published
Products (3)
openssl/openssl 0.9.7
openssl/openssl 0.9.8
openssl/openssl 1.0.0a
Published Aug 17, 2010
Tracked Since Feb 18, 2026