Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2010-3864

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

  • Published: Nov 17, 2010
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-3864
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.6
  • AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
openssl / openssl 0.9.8m 0.9.8m.x
openssl / openssl 0.9.8n 0.9.8n.x
openssl / openssl 0.9.8g 0.9.8g.x
openssl / openssl 0.9.8k 0.9.8k.x
openssl / openssl 0.9.8j 0.9.8j.x
openssl / openssl 0.9.8l 0.9.8l.x
openssl / openssl 1.0.0 1.0.0.x
openssl / openssl 0.9.8o 0.9.8o.x
openssl / openssl 0.9.8i 0.9.8i.x
openssl / openssl 0.9.8f 0.9.8f.x
openssl / openssl 1.0.0a 1.0.0a.x
openssl / openssl 0.9.8h 0.9.8h.x