CVE-2010-5298
openssl - security update
EPSS 19.1%
Description
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
How to fix CVE-2010-5298
To remediate CVE-2010-5298, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.1g-3 or later
- Debian/openssl—upgrade to 1.0.1e-2+deb7u7 or later
Is CVE-2010-5298 being exploited?
Moderate — EPSS is 19.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.1g-3
- from 0, < 1.0.1e-2+deb7u7