cbcvebase.
CVE-2010-0740
published 2010-03-26

Priority: P433, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 20.35% (97.2th percentile)

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8n-1 (bookworm) | openssl 0.9.8n-1 (bookworm) |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| openssl | openssl | >= 0 < 0.9.8n-1 | 0.9.8n-1 |
| vmware | esxi | | |
| vmware | vmware_tools | | |
| vmware | vmware_vcenter_server | | |
| vmware | vmware_vsphere | | |
| vmware | vmware_workstation | | |

CVSS provenance

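| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |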