CVE-2010-0740

Description

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

How to fix CVE-2010-0740

To remediate CVE-2010-0740, upgrade the affected package to a fixed version below.

• Debian/openssl—upgrade to 0.9.8n-1 or later

Is CVE-2010-0740 being exploited?

Moderate — EPSS is 15.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.9.8n-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-0740