Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Authentication Vulnerability (CVE-2010-4481)
SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-10241)
Zope Web Application Server Other Vulnerability (CVE-2006-4684)
Oracle Database Server CVE-2010-0852 Vulnerability (CVE-2010-0852)