OpenSSL CVE-2010-5298 Race Condition Vulnerability

description-logoDescription

A race condition in the ssl3_read_bytes function can allow remoteattackers to inject data across sessions or cause a denial of service.This flaw only affects multithreaded applications using OpenSSL 1.0.0and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not thedefault and not common.OpenSSL 1.0.0 users should upgrade to 1.0.0m.OpenSSL 1.0.1 users should upgrade to 1.0.1h.This issue was reported in public.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2010-5298