CVE-2010-0740

NameCVE-2010-0740
DescriptionThe ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs575607

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)stretch (security), stretch1.1.0l-1~deb9u1fixed
buster, buster (security)1.1.1d-0+deb10u3fixed
bullseye, sid1.1.1g-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcelenny(not affected)
opensslsource(unstable)0.9.8n-1medium575607

Notes

[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
http://www.openssl.org/news/secadv/20100324.txt

Search for package or bug name: Reporting problems