CVE-2010-0742 - Vulnerability Details

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.23018.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.3:::::::*
	cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
	cpe:2.3:a:openssl:openssl:0.9.5:::::::*
	cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
	cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
	cpe:2.3:a:openssl:openssl:0.9.6:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
	cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
	cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
	cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
	cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
	cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
	cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
	cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
	cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
	cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
	cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://cvs.openssl.org/chngview?cn=19693
http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1
http://marc.info/?l=bugtraq&m=129138643405740&w=2
http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest
http://secunia.com/advisories/40000
http://secunia.com/advisories/40024
http://secunia.com/advisories/42457
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://secunia.com/advisories/57353
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.openssl.org/news/secadv_20100601.txt
http://www.securityfocus.com/bid/40502
http://www.vupen.com/english/advisories/2010/1313
http://www.vupen.com/english/advisories/2010/3105
https://bugzilla.redhat.com/show_bug.cgi?id=598738
https://kb.bluecoat.com/index?page=content&id=SA50
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://nvd.nist.gov/vuln/detail/CVE-2010-0742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395
https://www.cve.org/CVERecord?id=CVE-2010-0742

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.16783}`	epss `{'score': 0.23018}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-06-03T14:00:00

Updated: 2024-08-07T00:59:38.997Z

Reserved: 2010-02-26T00:00:00

Link: CVE-2010-0742

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-06-03T14:30:01.507

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0742

Redhat

Severity : Important

Publid Date: 2010-06-01T00:00:00Z

Links: CVE-2010-0742 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object