Description
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Remediation
References
Related Vulnerabilities
WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13)
MySQL Other Vulnerability (CVE-2000-0981)
Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)
Moodle Improper Input Validation Vulnerability (CVE-2011-4302)
Nexus Repository Manager Improper Authentication Vulnerability (CVE-2019-9629)