Description
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-35646 Vulnerability (CVE-2021-35646)
WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.5.2)
WebLogic CVE-2018-1257 Vulnerability (CVE-2018-1257)
WordPress Plugin Subscribe2 Unspecified Vulnerability (10.20.5)
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999004)