Description

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-0740

Related Vulnerabilities

WordPress Plugin LB Tube Video for WordPress Cross-Site Scripting (1.0)

Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-28419)

WordPress Incorrect Authorization Vulnerability (CVE-2018-20147)

WordPress Plugin WP Job Manager PHP Object Injection (1.31.2)

MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)

Severity

Medium

Classification

CVE-2010-0740 CWE-20

Tags

Missing Update Known Vulnerabilities