Computer Security
[EN] securityvulns.ru no-pyccku


OpenSSL library double free vulnerability
Published:02.09.2010
Source:
SecurityVulns ID:11113
Type:library
Threat Level:
5/10
Description:Double free() in ECDH code.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2100-1] New openssl packages fix double free (02.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod