CVE-2008-5410 — Solaris vulnerability

CWE-3103 documents3 sources

Severity

7.8HIGHNVD

EPSS

1.1%

top 21.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris

Timeline

PublishedDec 10

Latest updateMay 17

Description

The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDsun/solaris10.0

Patches

Patch: secunia.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-9hqh-6h2m-qg9c: The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which a↗2022-05-17

▶

CVEList

CVE-2008-5410: The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which a↗2008-12-10

▶