Description

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

Remediation

References

CVE-2010-0742

Related Vulnerabilities

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8758)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28040)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.18)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31805)

Severity

High

Classification

CVE-2010-0742

Tags

Missing Update Known Vulnerabilities