Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Remediation
References
Related Vulnerabilities
WordPress Plugin Registrations for the Events Calendar-Event Registration SQL Injection (2.7.5)
WordPress Plugin Google AdSense by BestWebSoft Cross-Site Scripting (1.43)
WordPress Plugin Gallery-Flagallery Photo Portfolio 'skin' Parameter Cross-Site Scripting (1.72)
WordPress Plugin Stockists Manager for Woocommerce Cross-Site Request Forgery (1.0.2.1)