Description
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
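The affected ranges above can be checked against the banner printed by `openssl version`. The sketch below is an added example, not code from OpenSSL or from this page. The function names and sample banners are constructed for illustration. It compares only the upstream version string, so a distribution package with a backported fix can still report an older letter release.

```python
import re

# First fixed letter release per branch, taken from the description above.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, patch), letter_suffix) from a banner or bare version."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _suffix_key(suffix):
    # Letter releases sort as "" < a < ... < z < za < zb, so compare length first.
    return (len(suffix), suffix)


def is_affected(text):
    """True if the reported upstream version is in a range the description lists."""
    branch, suffix = parse_version(text)
    if branch in FIXED:
        return _suffix_key(suffix) < _suffix_key(FIXED[branch])
    # "before 0.9.8za" also covers older branches; newer branches are not listed.
    return branch < (0, 9, 8)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1h 5 Jun 2014",
        "OpenSSL 1.0.2k 26 Jan 2017",
    ]
    for banner in samples:
        verdict = "in affected range" if is_affected(banner) else "not in affected range"
        print(f"{banner:35s} {verdict}")
```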