CVE-2010-2939
Published 2010-08-17
CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other…
Priority: P4 · 32 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 9.98% (95.0th percentile)
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8o-2 (bookworm) | openssl 0.9.8o-2 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.8o-2 | 0.9.8o-2 |
| openssl | openssl | >= 0 < 0.9.8o-2 | 0.9.8o-2 |
| openssl | openssl | >= 0 < 0.9.8o-2 | 0.9.8o-2 |
| openssl | openssl | >= 0 < 0.9.8o-2 | 0.9.8o-2 |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
osv: 4.3 MEDIUM
vendor_ubuntu: 10.0 CRITICAL
vendor_debian: 4.3 LOW
vendor_redhat: 4.3 MEDIUM
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
BSD
FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2010-11-29·CVSS 4.3
CVE-2010-2939 [MEDIUM] FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-10:10.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2010-11-29
Credits: Georgi Guninski, Rob Hulswit
Affects: FreeBSD 7.0 and later
Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE)
2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2)
2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6)
2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE)
2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4)
2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16)
CVE Name: CVE-2010-2939, CVE-2010-3864
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software f
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2010-10-07·CVSS 10.0
CVE-2009-3245 [CRITICAL] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled return codes from the
bn_wexpand function calls. A remote attacker could trigger this flaw in
services that used SSL to cause a denial of service or possibly execute
arbitrary code with application privileges. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245)
It was discovered that OpenSSL incorrectly handled certain private keys
with an invalid prime. A remote attacker could trigger this flaw in
services that used SSL to cause a denial of service or possibly execute
arbitrary code with application privileges. The default compiler options
for affected releases should reduce the vulnerability to a denial of
service. (CVE-2010-2939)
Instructions: After a standard system updat
Red Hat
openssl: double-free vulnerability in ssl3_get_key_exchange()
vendor_redhat·2010-08-07·CVSS 4.3
CVE-2010-2939 [MEDIUM] openssl: double-free vulnerability in ssl3_get_key_exchange()
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5 as they did not include support for ECDH.
Debian
CVE-2010-2939: openssl - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL c...
vendor_debian·2010·CVSS 4.3
CVE-2010-2939 [MEDIUM] CVE-2010-2939: openssl - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL c...
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
Scope: local
bookworm: resolved (fixed in 0.9.8o-2)
bullseye: resolved (fixed in 0.9.8o-2)
forky: resolved (fixed in 0.9.8o-2)
sid: resolved (fixed in 0.9.8o-2)
trixie: resolved (fixed in 0.9.8o-2)
GHSA
GHSA-f7m9-58qq-wp2m: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt
ghsa_unreviewed·2022-05-14
CVE-2010-2939 [MEDIUM] GHSA-f7m9-58qq-wp2m: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
OSV
CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt
osv·2010-08-17·CVSS 4.3
CVE-2010-2939 [MEDIUM] CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
No detection rules found.
arXiv
Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps' Native Code
arxiv_fulltext·2021-03-03
Sumaya Almanee
Arda Ünal
Mathias Payer
Joshua Garcia
University of California Irvine, {salmanee, unala, joshug4}@uci.edu
EPFL
## Abstract
Android apps include third-party native libraries to increase performance and to
reuse functionality. Native code is directly executed from apps through the
Java Native Interface or the Android Native Development Kit. Android developers
add precompiled native libraries to their projects, enabling their use.
Unfortunately, developers often struggle or simply neglect to update these
libraries in a timely manner. This results in the continuous use of outdated
native libraries with unpatched security vulnerabil
Bugzilla
CVE-2010-2939 openssl: double-free vulnerability in ssl3_get_key_exchange()
bugzilla·2010-08-11·CVSS 4.3
CVE-2010-2939 [MEDIUM] CVE-2010-2939 openssl: double-free vulnerability in ssl3_get_key_exchange()
Georgi Guninski reported [1] a double-free flaw in openssl's client implementation that could lead to a crash when ECDH is used. It was reported against 1.0.0a but the code being patched [2] to correct the flaw has also been identified in 0.9.8 [3].
[1] http://marc.info/?l=openssl-dev&m=128118163216952&w=2
[2] http://marc.info/?l=openssl-dev&m=128128256314328&w=2
[3] http://article.gmane.org/gmane.comp.security.oss.general/3298
Discussion:
I'm not 100% sure of the impact here as it looks like it might just be in the openssl client. I don't know if this code is used by other clients linked to the openssl libraries or not, so at this point cannot say if other applications are impacted by this.
---
Except this c
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://marc.info/?l=bugtraq&m=130331363227777&w=2
http://seclists.org/fulldisclosure/2010/Aug/84
http://secunia.com/advisories/40906
http://secunia.com/advisories/41105
http://secunia.com/advisories/42309
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
http://securitytracker.com/id?1024296
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
http://www.debian.org/security/2010/dsa-2100
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
http://www.openwall.com/lists/oss-security/2010/08/11/6
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.ubuntu.com/usn/USN-1003-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/2038
http://www.vupen.com/english/advisories/2010/2229
http://www.vupen.com/english/advisories/2010/3077