CVE-2010-5298
CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0187.htmlhttp://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sighttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlhttp://marc.info/?l=bugtraq&m=140389274407904&w=2http://marc.info/?l=bugtraq&m=140389355508263&w=2http://marc.info/?l=bugtraq&m=140431828824371&w=2http://marc.info/?l=bugtraq&m=140448122410568&w=2http://marc.info/?l=bugtraq&m=140544599631400&w=2