Description
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-46147)
WordPress Plugin WP Job Manager Cross-Site Scripting (1.23.7)
WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8)
MediaWiki Improper Input Validation Vulnerability (CVE-2017-0370)
WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)