CVE-2010-3864

Summary

CVE: CVE-2010-3864
State: PUBLISHED
Assigner: redhat
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2010-11-17 16:00:01 UTC
Updated: 2026-04-29 01:13:23 UTC
Description: Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Risk And Classification

Primary CVSS: v2.0 7.6 from [email protected]

AV:N/AC:H/Au:N/C:C/I:C/A:C

Problem Types: CWE-362 | n/a

CVSS v2.0 Breakdown

Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete


NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openssl | Openssl | 0.9.8f | All | All | All |
| Application | Openssl | Openssl | 0.9.8g | All | All | All |
| Application | Openssl | Openssl | 0.9.8h | All | All | All |
| Application | Openssl | Openssl | 0.9.8i | All | All | All |
| Application | Openssl | Openssl | 0.9.8j | All | All | All |
| Application | Openssl | Openssl | 0.9.8k | All | All | All |
| Application | Openssl | Openssl | 0.9.8l | All | All | All |
| Application | Openssl | Openssl | 0.9.8m | All | All | All |
| Application | Openssl | Openssl | 0.9.8n | All | All | All |
| Application | Openssl | Openssl | 0.9.8o | All | All | All |
| Application | Openssl | Openssl | 1.0.0 | All | All | All |
| Application | Openssl | Openssl | 1.0.0a | All | All | All |

Vendor Declared Affected Products

| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| [SECURITY] Fedora 12 Update: openssl-1.0.0b-1.fc12 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| openssl.org/news/secadv_20101116.txt | af854a3a-2127-422b-91ae-364da2661108 | openssl.org | Patch, Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:022 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| VMware ESX Server / ESXi OpenSSL Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Adobe - Security Bulletins: APSB11-11 - Security update available for Adobe Flash Media Server | af854a3a-2127-422b-91ae-364da2661108 | www.adobe.com | |
| VMSA-2011-0003 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc | af854a3a-2127-422b-91ae-364da2661108 | security.FreeBSD.org | |
| [syslog-ng-announce] syslog-ng Premium Edition 3.0.6a has been released | af854a3a-2127-422b-91ae-364da2661108 | lists.balabit.com | |
| Bug 649304 – CVE-2010-3864 OpenSSL TLS extension parsing race condition | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Patch |
| Debian update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Ubuntu update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Security Alerts - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | blogs.sun.com | |
| Security Advisory SA57353 - IBM Storage System DS8870 OpenSSL Multiple Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | |
| IBM Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities. - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | |
| [SECURITY] Fedora 14 Update: openssl-1.0.0b-1.fc14 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| About the security content of Mac OS X v10.6.8 and Security Update 2011-004 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| OpenSSL TLS Server Extension Parsing Race Condition Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Debian -- Security Information -- DSA-2125-1 openssl | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Slackware update for openssl - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | slackware.com | |
| [SECURITY] Fedora 13 Update: openssl-1.0.0b-1.fc13 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| SUSE Update for Multiple Packages - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| rhn.redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Vulnerability Note VU#737740 - Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| '[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| FreeBSD update for openssl - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| '[security bulletin] HPSBUX02638 SSRT100339 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitr' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| SecurityTracker.com Archives - OpenSSL Buffer Overflow in TLS Server Extension Parsing May Let Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | Patch |
| [syslog-ng-announce] syslog-ng Premium Edition 3.2.1a has been released | af854a3a-2127-422b-91ae-364da2661108 | lists.balabit.com | |
| HP Insight Control for Linux Multiple Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| '[security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performa' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| access.redhat.com \| CVE-2010-3864 | MITRE | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)