{"id":"UBUNTU-CVE-2010-5298","details":"Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.","modified":"2026-01-30T02:35:32.479221Z","published":"2014-04-14T00:00:00Z","related":["USN-2192-1"],"upstream":["CVE-2010-5298"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2010-5298"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2014/04/13/1"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2014/04/13/2"},{"type":"REPORT","url":"http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse"},{"type":"REPORT","url":"http://www.openbsd.org/errata55.html#004_openssl"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2192-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2010-5298"}],"affected":[{"package":{"name":"openssl","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1f-1ubuntu2.1"}]}],"versions":["1.0.1e-3ubuntu1","1.0.1e-4ubuntu1","1.0.1e-4ubuntu2","1.0.1e-4ubuntu3","1.0.1e-4ubuntu4","1.0.1f-1ubuntu1","1.0.1f-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"libssl-dev","binary_version":"1.0.1f-1ubuntu2.1"},{"binary_name":"libssl1.0.0","binary_version":"1.0.1f-1ubuntu2.1"},{"binary_name":"openssl","binary_version":"1.0.1f-1ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-5298.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}