CVE-2010-5298

Name: CVE-2010-5298
Creator: NVD / NIST
Published: 2014-04-14T22:38:08.59+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 34.13%

Last modified Jun 16, 2026

CVE-2010-5298 is a vulnerability of currently unknown severity. Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.. EPSS estimates a 34.13% chance of exploitation in the next 30 days.

Description

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Metrics

EPSS Probability

34.13%

98.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-362

Affected Software

Vendor	Product	Versions
Openssl	Openssl	<= 1.0.1g
Mariadb	Mariadb	>= 10.0.0, < 10.0.13
Fedoraproject	Fedora	19
Fedoraproject	Fedora	20
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Server	12
Suse	Linux Enterprise Software Development Kit	12
Suse	Linux Enterprise Workstation Extension	12

References

http://advisories.mageia.org/MGASA-2014-0187.htmlThird Party Advisory
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sigPatch, Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195Permissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140389274407904&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140389355508263&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140431828824371&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140448122410568&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140544599631400&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140621259019789&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140904544427729&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=141658880509699&w=2Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2014/04/13/1Mailing List, Patch
http://seclists.org/fulldisclosure/2014/Dec/23Mailing List, Third Party Advisory
http://secunia.com/advisories/58337Not Applicable
http://secunia.com/advisories/58713Not Applicable
http://secunia.com/advisories/58939Not Applicable
http://secunia.com/advisories/58977Not Applicable
http://secunia.com/advisories/59162Not Applicable
http://secunia.com/advisories/59287Not Applicable
http://secunia.com/advisories/59300Not Applicable
http://secunia.com/advisories/59301Not Applicable
http://secunia.com/advisories/59342Not Applicable
http://secunia.com/advisories/59413Not Applicable
http://secunia.com/advisories/59437Not Applicable
http://secunia.com/advisories/59438Not Applicable
http://secunia.com/advisories/59440Not Applicable
http://secunia.com/advisories/59450Not Applicable
http://secunia.com/advisories/59490Not Applicable
http://secunia.com/advisories/59655Not Applicable
http://secunia.com/advisories/59666Not Applicable
http://secunia.com/advisories/59669Not Applicable
http://secunia.com/advisories/59721Not Applicable
http://security.gentoo.org/glsa/glsa-201407-05.xmlThird Party Advisory
http://support.citrix.com/article/CTX140876Third Party Advisory
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markupBroken Link
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757Broken Link
http://www.blackberry.com/btsc/KB36051Broken Link
http://www.fortiguard.com/advisory/FG-IR-14-018/Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmThird Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062Broken Link
http://www.openbsd.org/errata55.html#004_opensslThird Party Advisory
http://www.openssl.org/news/secadv_20140605.txtThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/66801Third Party Advisory, VDB Entry
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuseThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075Broken Link
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guestBroken Link
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guestBroken Link
https://www.novell.com/support/kb/doc.php?id=7015271Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0187.htmlThird Party Advisory
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sigPatch, Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195Permissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140389274407904&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140389355508263&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140431828824371&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140448122410568&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140544599631400&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140621259019789&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=140904544427729&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=141658880509699&w=2Mailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2014/04/13/1Mailing List, Patch
http://seclists.org/fulldisclosure/2014/Dec/23Mailing List, Third Party Advisory
http://secunia.com/advisories/58337Not Applicable
http://secunia.com/advisories/58713Not Applicable
http://secunia.com/advisories/58939Not Applicable
http://secunia.com/advisories/58977Not Applicable
http://secunia.com/advisories/59162Not Applicable
http://secunia.com/advisories/59287Not Applicable
http://secunia.com/advisories/59300Not Applicable
http://secunia.com/advisories/59301Not Applicable
http://secunia.com/advisories/59342Not Applicable
http://secunia.com/advisories/59413Not Applicable
http://secunia.com/advisories/59437Not Applicable
http://secunia.com/advisories/59438Not Applicable
http://secunia.com/advisories/59440Not Applicable
http://secunia.com/advisories/59450Not Applicable
http://secunia.com/advisories/59490Not Applicable
http://secunia.com/advisories/59655Not Applicable
http://secunia.com/advisories/59666Not Applicable
http://secunia.com/advisories/59669Not Applicable
http://secunia.com/advisories/59721Not Applicable
http://security.gentoo.org/glsa/glsa-201407-05.xmlThird Party Advisory
http://support.citrix.com/article/CTX140876Third Party Advisory
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markupBroken Link
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757Broken Link
http://www.blackberry.com/btsc/KB36051Broken Link
http://www.fortiguard.com/advisory/FG-IR-14-018/Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmThird Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062Broken Link
http://www.openbsd.org/errata55.html#004_opensslThird Party Advisory
http://www.openssl.org/news/secadv_20140605.txtThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/66801Third Party Advisory, VDB Entry
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuseThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.htmlThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075Broken Link
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guestBroken Link
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guestBroken Link
https://www.novell.com/support/kb/doc.php?id=7015271Third Party Advisory

Timeline

Published: Apr 14, 2014
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-5298?

How severe is CVE-2010-5298?

Severity scoring for CVE-2010-5298 is pending analysis. The EPSS model estimates a 34.13% probability of exploitation in the next 30 days.

How do I fix CVE-2010-5298?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-5298?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST