CVE-2010-0740
Published 2010-03-26
CVE-2010-0740: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed…
Priority P4 · 33 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 20.35% (97.2th percentile)
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8n-1 (bookworm) | openssl 0.9.8n-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
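| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |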
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
Red Hat
openssl: "Record of death" vulnerability in 0.9.8f through 0.9.8m
vendor_redhat·2010-03-24·CVSS 5.0
CVE-2010-0740 [MEDIUM] openssl: "Record of death" vulnerability in 0.9.8f through 0.9.8m
Statement: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2010-0740: openssl - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m al...
vendor_debian·2010·CVSS 5.0
CVE-2010-0740 [MEDIUM] CVE-2010-0740: openssl - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m al...
Scope: local
bookworm: resolved (fixed in 0.9.8n-1)
bullseye: resolved (fixed in 0.9.8n-1)
forky: resolved (fixed in 0.9.8n-1)
sid: resolved (fixed in 0.9.8n-1)
trixie: resolved (fixed in 0.9.8n-1)
GHSA
GHSA-qr53-p9wq-vjrx: The ssl3_get_record function in ssl/s3_pkt
ghsa_unreviewed·2022-05-02
CVE-2010-0740 [MEDIUM] CWE-20 GHSA-qr53-p9wq-vjrx: The ssl3_get_record function in ssl/s3_pkt
OSV
CVE-2010-0740: The ssl3_get_record function in ssl/s3_pkt
osv·2010-03-26·CVSS 5.0
CVE-2010-0740 [MEDIUM] CVE-2010-0740: The ssl3_get_record function in ssl/s3_pkt
No detection rules found.
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://marc.info/?l=bugtraq&m=127557640302499&w=2
http://secunia.com/advisories/39932
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://secunia.com/advisories/43311
http://support.apple.com/kb/HT4723
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.openssl.org/news/secadv_20100324.txt
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securitytracker.com/id?1023748
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2010/0710
http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/1216
https://kb.bluecoat.com/index?page=content&id=SA50
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731