CVE-2010-2939

Public Date:
2010-08-07
IAVA:
2011-A-0066
Bugzilla:
623483: CVE-2010-2939 openssl: double-free vulnerability in ssl3_get_key_exchange()

The MITRE CVE dictionary describes this issue as:

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Find out more about CVE-2010-2939 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5 as they did not include support for ECDH.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.