Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2010-11-17 16:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-3864
Mitre link : CVE-2010-3864
CVE.ORG link : CVE-2010-3864
JSON object : View
Products Affected
openssl
- openssl
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')