CVE-2010-5298 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: N/A
NVD score not yet provided.

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 4.0 MEDIUM
Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:P)

Weakness Enumeration

CWE-ID: CWE-362
CWE Name: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Source: NIST


Change History

14 change records found

CVE Modified by MITRE 10/10/2018 4:9:00 PM

Added Reference http://www.securityfocus.com/archive/1/534161/100/0/threaded [No Types Assigned]



Removed Reference http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded [No Types Assigned]



CVE Modified by MITRE 11/14/2017 9:29:00 PM

Added Reference http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html [No Types Assigned]



Modified Analysis 1/26/2017 3:0:03 PM

CVE Modified by MITRE 1/25/2017 9:59:00 PM

Removed Reference https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]



CVE Modified by MITRE 1/06/2017 9:59:01 PM

Added Reference http://advisories.mageia.org/MGASA-2014-0187.html [No Types Assigned]



Added Reference http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]



Added Reference http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 [No Types Assigned]



Added Reference http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html [No Types Assigned]



Added Reference http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html [No Types Assigned]



Added Reference http://secunia.com/advisories/58337 [No Types Assigned]



Added Reference http://secunia.com/advisories/58713 [No Types Assigned]



Added Reference http://secunia.com/advisories/58977 [No Types Assigned]



Added Reference http://secunia.com/advisories/59287 [No Types Assigned]



Added Reference http://secunia.com/advisories/59437 [No Types Assigned]



Added Reference http://secunia.com/advisories/59440 [No Types Assigned]



Added Reference http://security.gentoo.org/glsa/glsa-201407-05.xml [No Types Assigned]



Added Reference http://support.citrix.com/article/CTX140876 [No Types Assigned]



Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21676529 [No Types Assigned]



Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21676879 [No Types Assigned]



Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21676889 [No Types Assigned]



Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21677836 [No Types Assigned]



Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21683332 [No Types Assigned]



Added Reference http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 [No Types Assigned]



Added Reference http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 [No Types Assigned]



Added Reference http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 [No Types Assigned]



Added Reference http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 [No Types Assigned]



Added Reference http://www.ibm.com/support/docview.wss?uid=swg21676356 [No Types Assigned]



Added Reference http://www.ibm.com/support/docview.wss?uid=swg24037783 [No Types Assigned]



Added Reference http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 [No Types Assigned]



Added Reference http://www.vmware.com/security/advisories/VMSA-2014-0006.html [No Types Assigned]



Added Reference https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]



Added Reference https://www.novell.com/support/kb/doc.php?id=7015271 [No Types Assigned]



CVE Modified by MITRE 1/02/2017 9:59:00 PM

Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html [No Types Assigned]



CVE Modified by Source 10/11/2016 9:59:07 PM

Added Reference https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946



CVE Modified by Source 8/22/2016 10:3:01 PM

Added Reference http://marc.info/?l=bugtraq&m=140389274407904&w=2



Added Reference http://marc.info/?l=bugtraq&m=140389355508263&w=2



Added Reference http://marc.info/?l=bugtraq&m=140431828824371&w=2



Added Reference http://marc.info/?l=bugtraq&m=140448122410568&w=2



Added Reference http://marc.info/?l=bugtraq&m=140544599631400&w=2



Added Reference http://marc.info/?l=bugtraq&m=140621259019789&w=2



Added Reference http://marc.info/?l=bugtraq&m=140752315422991&w=2



Added Reference http://marc.info/?l=bugtraq&m=140904544427729&w=2



Added Reference http://marc.info/?l=bugtraq&m=141658880509699&w=2



CVE Modified by Source 6/16/2016 9:59:07 PM

Removed Reference http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html



Removed Reference http://seclists.org/fulldisclosure/2015/Apr/5



Removed Reference http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded



CVE Modified by Source 4/14/2015 9:59:20 PM

Added Reference http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html



Added Reference http://seclists.org/fulldisclosure/2015/Apr/5



Added Reference http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded



CVE Modified by Source 3/31/2015 9:59:04 PM

Added Reference http://www.mandriva.com/security/advisories?name=MDVSA-2015:062



CVE Modified by Source 1/22/2015 8:59:21 AM

Added Reference http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html



CVE Modified by Source 12/11/2014 9:59:02 PM

Added Reference http://seclists.org/fulldisclosure/2014/Dec/23



Added Reference http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded



Added Reference http://www.vmware.com/security/advisories/VMSA-2014-0012.html



Initial CVE Analysis 4/15/2014 10:44:04 AM

Quick Info

CVE Dictionary Entry: CVE-2010-5298

NVD Published Date: 04/14/2014

NVD Last Modified: 10/10/2018

Source: MITRE

