CVEs-PoC/2010/CVE-2010-5298.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 06:55:56 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

POC

Reference

http://seclists.org/fulldisclosure/2014/Dec/23
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Live-Hack-CVE/CVE-2010-5298
https://github.com/PotterXma/linux-deployment-standard
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/hrbrmstr/internetdb
https://github.com/nidhi7598/OPENSSL_1.0.1g_CVE-2010-5298

1.4 KiB Raw Blame History

CVE-2010-5298

Description

POC

Reference

Github

1.4 KiB

Raw Blame History