CVE - CVE-2010-3864

CVE-ID
CVE-2010-3864	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html CONFIRM:http://openssl.org/news/secadv_20101116.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=649304 CONFIRM:http://blogs.sun.com/security/entry/cve_2010_3864_race_condition CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb11-11.html CONFIRM:http://support.apple.com/kb/HT4723 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 APPLE:APPLE-SA-2011-06-23-1 URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html DEBIAN:DSA-2125 URL:http://www.debian.org/security/2010/dsa-2125 FEDORA:FEDORA-2010-17826 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html FEDORA:FEDORA-2010-17827 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html FEDORA:FEDORA-2010-17847 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html FREEBSD:FreeBSD-SA-10:10 URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc HP:HPSBMA02658 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HP:SSRT100413 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HP:HPSBGN02740 URL:http://marc.info/?l=bugtraq&m=132828103218869&w=2 HP:SSRT100741 URL:http://marc.info/?l=bugtraq&m=132828103218869&w=2 HP:HPSBOV02670 URL:http://marc.info/?l=bugtraq&m=130497251507577&w=2 HP:HPSBUX02638 URL:http://marc.info/?l=bugtraq&m=129916880600544&w=2 HP:SSRT100339 URL:http://marc.info/?l=bugtraq&m=129916880600544&w=2 HP:SSRT100475 URL:http://marc.info/?l=bugtraq&m=130497251507577&w=2 REDHAT:RHSA-2010:0888 URL:https://rhn.redhat.com/errata/RHSA-2010-0888.html SLACKWARE:SSA:2010-326-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793 SUSE:SUSE-SR:2010:022 URL:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html CERT-VN:VU#737740 URL:http://www.kb.cert.org/vuls/id/737740 SECTRACK:1024743 URL:http://securitytracker.com/id?1024743 SECUNIA:42243 URL:http://secunia.com/advisories/42243 SECUNIA:42309 URL:http://secunia.com/advisories/42309 SECUNIA:42336 URL:http://secunia.com/advisories/42336 SECUNIA:42352 URL:http://secunia.com/advisories/42352 SECUNIA:42397 URL:http://secunia.com/advisories/42397 SECUNIA:42241 URL:http://secunia.com/advisories/42241 SECUNIA:42413 URL:http://secunia.com/advisories/42413 SECUNIA:43312 URL:http://secunia.com/advisories/43312 SECUNIA:44269 URL:http://secunia.com/advisories/44269 SECUNIA:57353 URL:http://secunia.com/advisories/57353 VUPEN:ADV-2010-3041 URL:http://www.vupen.com/english/advisories/2010/3041 VUPEN:ADV-2010-3121 URL:http://www.vupen.com/english/advisories/2010/3121 VUPEN:ADV-2010-3077 URL:http://www.vupen.com/english/advisories/2010/3077 VUPEN:ADV-2010-3097 URL:http://www.vupen.com/english/advisories/2010/3097
Assigning CNA
N/A
Date Entry Created
20101008	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101008)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org