Description
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Remediation
References
Related Vulnerabilities
MediaWiki Other Vulnerability (CVE-2007-0894)
Squid Improper Input Validation Vulnerability (CVE-2016-2570)
WordPress Plugin Advanced Database Cleaner SQL Injection (3.0.1)
WordPress Plugin Theme Check Cross-Site Request Forgery (20190208.1)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000504)