OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability Network Vulnerability

Summary

OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, OVS has discovered that the remote Webserver is using version 1.0.0a of OpenSSL which is vulnerable. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in a denial-of-service condition. The issue affects OpenSSL 1.0.0a other versions may also be affected.

References

http://seclists.org/fulldisclosure/2010/Aug/84
http://www.openssl.org
https://www.securityfocus.com/bid/42306

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2939

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple iTunes Multiple Vulnerabilities - Apr10
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
Aardvark Topsites Multiple Vulnerabilities

Take action and discover your vulnerabilities