← back
CVE-2010-0742

CVE-2010-0742

EPSS 7.8%
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvs.openssl.org/chngview?cn=19693http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1http://marc.info/?l=bugtraq&m=129138643405740&w=2http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guesthttps://bugzilla.redhat.com/show_bug.cgi?id=598738http://secunia.com/advisories/40000http://secunia.com/advisories/40024http://secunia.com/advisories/42457http://secunia.com/advisories/42724http://secunia.com/advisories/42733http://secunia.com/advisories/57353https://kb.bluecoat.com/index?page=content&id=SA50