Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2010-0742

Disclosure Date: June 03, 2010
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Exfiltration
Techniques
Validation
Validated
Validated
Validated
Validated
Validated

Description

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

General Information

Exploited in the Wild

Reported by:
Reported: May 29, 2021 5:31pm UTC (2 weeks ago)

Additional Info

Technical Analysis