CVE - CVE-2010-0742

CVE-ID
CVE-2010-0742	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html CONFIRM:http://cvs.openssl.org/chngview?cn=19693 CONFIRM:http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1 CONFIRM:http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest CONFIRM:http://www.openssl.org/news/secadv_20100601.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=598738 CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 HP:HPSBUX02610 URL:http://marc.info/?l=bugtraq&m=129138643405740&w=2 HP:SSRT100341 URL:http://marc.info/?l=bugtraq&m=129138643405740&w=2 BID:40502 URL:http://www.securityfocus.com/bid/40502 OVAL:oval:org.mitre.oval:def:12395 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395 SECUNIA:40000 URL:http://secunia.com/advisories/40000 SECUNIA:40024 URL:http://secunia.com/advisories/40024 SECUNIA:42457 URL:http://secunia.com/advisories/42457 SECUNIA:42724 URL:http://secunia.com/advisories/42724 SECUNIA:42733 URL:http://secunia.com/advisories/42733 SECUNIA:57353 URL:http://secunia.com/advisories/57353 VUPEN:ADV-2010-1313 URL:http://www.vupen.com/english/advisories/2010/1313 VUPEN:ADV-2010-3105 URL:http://www.vupen.com/english/advisories/2010/3105
Assigning CNA
N/A
Date Entry Created
20100226	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org