4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.029 Low
EPSS
Percentile
90.8%
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | openssl | < 1.0.1g-3 | openssl_1.0.1g-3_all.deb |
Debian | 11 | all | openssl | < 1.0.1g-3 | openssl_1.0.1g-3_all.deb |
Debian | 999 | all | openssl | < 1.0.1g-3 | openssl_1.0.1g-3_all.deb |
Debian | 13 | all | openssl | < 1.0.1g-3 | openssl_1.0.1g-3_all.deb |