CVE-2010-0740

Publication date 26 March 2010

Last updated 24 July 2024

Ubuntu priority

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

according to upstream, if 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m, otherwise it affects 0.9.8f through 0.9.8m. Confirmed that on all releases of Ubuntu on all architectures that 'short' is 2 bytes. (8.10/sparc and 10.04/armel could not be checked)

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openssl.org/news/secadv_20100324.txt
https://www.cve.org/CVERecord?id=CVE-2010-0740