CVE-2010-2939 | Vulnerability Database | Aqua Security

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.7 (including)	0.9.7 (including)
Openssl	Openssl	0.9.8 (including)	0.9.8 (including)
Openssl	Openssl	1.0.0a (including)	1.0.0a (including)
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	hardy	*
Openssl	Ubuntu	jaunty	*
Openssl	Ubuntu	karmic	*
Openssl	Ubuntu	lucid	*
Openssl097	Ubuntu	dapper	*

References

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2
http://seclists.org/fulldisclosure/2010/Aug/84
http://secunia.com/advisories/40906
http://secunia.com/advisories/41105
http://secunia.com/advisories/42309
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
http://securitytracker.com/id?1024296
http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793
http://www.debian.org/security/2010/dsa-2100
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
http://www.openwall.com/lists/oss-security/2010/08/11/6
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.ubuntu.com/usn/USN-1003-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/2038
http://www.vupen.com/english/advisories/2010/2229
http://www.vupen.com/english/advisories/2010/3077
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2
http://seclists.org/fulldisclosure/2010/Aug/84
http://secunia.com/advisories/40906
http://secunia.com/advisories/41105
http://secunia.com/advisories/42309
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
http://securitytracker.com/id?1024296
http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793
http://www.debian.org/security/2010/dsa-2100
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
http://www.openwall.com/lists/oss-security/2010/08/11/6
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.ubuntu.com/usn/USN-1003-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/2038
http://www.vupen.com/english/advisories/2010/2229
http://www.vupen.com/english/advisories/2010/3077

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2939
CWE	https://cwe.mitre.org/data/definitions/399.html