Description
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
Remediation
References
Related Vulnerabilities
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)
Apache 2.x version older than 2.0.51
WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)
WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33)
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)