Description
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPtouch Cross-Site Scripting (4.3.42)
WordPress Plugin Slimstat Analytics SQL Injection (3.9.5)
Nginx Other Vulnerability (CVE-2019-9513)
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-0819)
Oracle Database Server CVE-2011-0875 Vulnerability (CVE-2011-0875)