CVE-2010-0742 — Openssl vulnerability

CWE-3109 documents6 sources

Severity

7.5HIGHNVD

EPSS

22.1%

top 4.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJun 3

Latest updateMay 2

Description

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0e-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0e-1+3

▶NVDopenssl/openssl0.9.8n+50

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-qm9f-p7c7-h3m4: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1↗2022-05-02

▶

OSV

CVE-2010-0742: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1↗2010-06-03

▶

📋Vendor Advisories

Red Hat

openssl: invalid ASN1 module definition for CMS↗2010-06-01

▶

Debian

CVE-2010-0742: openssl - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c i...↗2010

▶

Red Hat

/kernel/security/CVE-2006-0742 test cause kernel-xen panic on ia64↗2007-09-11

▶

💬Community

Bugzilla

CVE-2010-0742 openssl: invalid ASN1 module definition for CMS↗2010-06-01

▶

Bugzilla

CVE-2010-0742 openssl: invalid ASN1 module definition for CMS [fedora-all]↗2010-06-01

▶