Description
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
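The missing check described above, shown as an added example of the bounds-checked form; this is not OpenSSL's code. The message layout (a ticket and two further fields, each with a 2-byte big-endian length prefix), the names `read_field`, `parse_krb5_key_exchange` and `accepts`, and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct field { const uint8_t *data; size_t len; };

/* Read a 2-byte big-endian length and the bytes it announces.
 * *p advances only on success; returns 0 if the field would pass 'end'. */
static int read_field(const uint8_t **p, const uint8_t *end, struct field *out)
{
    const uint8_t *cur = *p;
    if ((size_t)(end - cur) < 2) return 0;    /* no room for the prefix */
    size_t len = ((size_t)cur[0] << 8) | cur[1];
    cur += 2;
    if ((size_t)(end - cur) < len) return 0;  /* announced length exceeds received data */
    out->data = cur;
    out->len = len;
    *p = cur + len;
    return 1;
}

/* Assumed layout: ticket, authenticator, encrypted pre-master secret.
 * Every length is checked against the received message before any read. */
int parse_krb5_key_exchange(const uint8_t *msg, size_t msg_len, struct field *ticket,
                            struct field *authenticator, struct field *enc_pms)
{
    const uint8_t *p = msg, *end = msg + msg_len;
    if (!read_field(&p, end, ticket)) return 0;
    if (!read_field(&p, end, authenticator)) return 0;
    if (!read_field(&p, end, enc_pms)) return 0;
    return p == end;                          /* reject trailing bytes */
}

/* Constructed samples: a well-formed message, and one whose ticket
 * length (0x0400) is far larger than the 3 bytes that follow it. */
static const uint8_t good_msg[]  = {0,3,'T','K','T', 0,2,'A','U', 0,1,'P'};
static const uint8_t lying_msg[] = {0x04,0x00,'T','K','T'};

int accepts(const uint8_t *msg, size_t n)
{
    struct field t, a, e;
    return parse_krb5_key_exchange(msg, n, &t, &a, &e);
}

int main(void)
{
    printf("good=%d lying=%d\n", accepts(good_msg, sizeof good_msg),
           accepts(lying_msg, sizeof lying_msg));
    return 0;
}
```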