Cryptographic Issues
CVE-2010-0742
Summary
The Cryptographic Message Syntax (CMS) implementation in "crypto/cms/cms_asn1.c" in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain "OriginatorInfo", which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
Advisory Timeline
- Published