CVE-2010-5298

Published: Apr 14, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:P

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Affected (8)

Products: Openssl: Openssl · Mariadb: Mariadb · Fedoraproject: Fedora · +1 more

Show all products

Openssl: Openssl · Mariadb: Mariadb · Fedoraproject: Fedora · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension

1 product

1 product

1 product

4 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openssl Openssl	Up to 1.0.1g

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.0.0 to 10.0.13

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Server	Version 12
Suse Linux Enterprise Software Development Kit	Version 12
Suse Linux Enterprise Workstation Extension	Version 12

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (164)

http://advisories.mageia.org/MGASA-2014-0187.html

Source: cve@mitre.org

Third Party Advisory

http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig

Source: cve@mitre.org

PatchThird Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

Source: cve@mitre.org

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195

Source: cve@mitre.org

Permissions Required

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140389274407904&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140389355508263&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140431828824371&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140448122410568&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140544599631400&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140621259019789&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140752315422991&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140904544427729&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=141658880509699&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2014/04/13/1

Source: cve@mitre.org

Mailing ListPatch

http://seclists.org/fulldisclosure/2014/Dec/23

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/58337

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/58713

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/58939

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/58977

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59162

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59287

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59300

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59301

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59342

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59413

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59437

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59438

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59440

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59450

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59490

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59655

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59666

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59669

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59721

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-201407-05.xml

Source: cve@mitre.org

Third Party Advisory

http://support.citrix.com/article/CTX140876

Source: cve@mitre.org

Third Party Advisory

http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup

Source: cve@mitre.org

Broken Link

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676529

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

Source: cve@mitre.org

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677836

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

Source: cve@mitre.org

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

Source: cve@mitre.org

Broken Link

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

Source: cve@mitre.org

Broken Link

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

Source: cve@mitre.org

Broken Link

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

Source: cve@mitre.org

Broken Link

http://www.blackberry.com/btsc/KB36051

Source: cve@mitre.org

Broken Link

http://www.fortiguard.com/advisory/FG-IR-14-018/

Source: cve@mitre.org

Third Party Advisory

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

Source: cve@mitre.org

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676356

Source: cve@mitre.org

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg24037783

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:090

Source: cve@mitre.org

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

Source: cve@mitre.org

Broken Link

http://www.openbsd.org/errata55.html#004_openssl

Source: cve@mitre.org

Third Party Advisory

http://www.openssl.org/news/secadv_20140605.txt

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/66801

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse

Source: cve@mitre.org

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Source: cve@mitre.org

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

Source: cve@mitre.org

Third Party Advisory

https://kb.bluecoat.com/index?page=content&id=SA80

Source: cve@mitre.org

Broken Link

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Source: cve@mitre.org

Broken Link

https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest

Source: cve@mitre.org

Broken Link

https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest

Source: cve@mitre.org

Broken Link

https://www.novell.com/support/kb/doc.php?id=7015271

Source: cve@mitre.org

Third Party Advisory

http://advisories.mageia.org/MGASA-2014-0187.html