Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:27
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | |
References |
|
02 Feb 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2010-3864 OpenSSL TLS extension parsing race condition |
Information
Published : 2010-11-17 16:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-3864
Mitre link : CVE-2010-3864
CVE.ORG link : CVE-2010-3864
JSON object : View
Products Affected
openssl
- openssl
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')