Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Remediation
References
Related Vulnerabilities
WordPress Plugin Redirection Cross-Site Request Forgery (1.1.4)
PHP Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2020-7070)
XWiki Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-27480)
Jenkins DEPRECATED: Code Vulnerability (CVE-2016-3721)
WordPress Plugin Videos on Admin Dashboard Cross-Site Scripting (1.1.3)