Description
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Remediation
References
Related Vulnerabilities
XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23618)
Drupal Other Vulnerability (CVE-2006-5477)
WordPress Plugin Super Forms-Drag & Drop Form Builder Arbitrary File Upload (4.9.700)
IBMHttpServer Other Vulnerability (CVE-2004-0263)
WordPress Plugin yURL ReTwitt Cross-Site Request Forgery (1.4)