CVE-2010-0740

NameCVE-2010-0740
DescriptionThe ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs575607

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)jessie1.0.1t-1+deb8u8fixed
jessie (security)1.0.1t-1+deb8u9fixed
stretch (security), stretch1.1.0f-3+deb9u2fixed
buster1.1.0h-4fixed
sid1.1.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsource(unstable)0.9.8n-1medium575607
opensslsourcelenny(not affected)

Notes

[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
http://www.openssl.org/news/secadv/20100324.txt

Search for package or bug name: Reporting problems