Description
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
Remediation
References