- Description
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
- Source
- secalert@redhat.com
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://www.openssl.org/news/secadv_20100324.txt 'Affected versions depend on the C compiler used with OpenSSL: - If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m. - Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.'
- Solution
- Per: http://www.openssl.org/news/secadv_20100324.txt 'Affected versions depend on the C compiler used with OpenSSL: - If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m. - Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.'
- Red HatNot vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2"
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333"
}
],
"operator": "OR"
}
]
}
]