Description
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
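The bug class described above, shown as an added example that is not OpenSSL's code: a buffer is grown with realloc while a second pointer into it keeps the old address. The names `msgbuf`, `grow_stale`, `grow_rebased`, `demo_rebased` and `HDR_LEN` are hypothetical, and the sample bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 4   /* constructed header size for the demo */

/* Hypothetical growable message buffer; not OpenSSL's own structure. */
struct msgbuf {
    unsigned char *data;   /* start of the heap block */
    size_t len;            /* allocated size */
    unsigned char *body;   /* interior pointer, data + HDR_LEN */
};

/* Vulnerable pattern: the block may move, but body keeps the old address. */
int grow_stale(struct msgbuf *b, size_t newlen)
{
    unsigned char *p = realloc(b->data, newlen);
    if (p == NULL)
        return 0;
    b->data = p;
    b->len = newlen;
    return 1;              /* b->body dangles if realloc moved the block */
}

/* Hardened form: record the offset first, rebase the pointer afterwards. */
int grow_rebased(struct msgbuf *b, size_t newlen)
{
    size_t off = (size_t)(b->body - b->data);
    unsigned char *p = realloc(b->data, newlen);
    if (p == NULL)
        return 0;          /* old block is still valid and owned by b */
    b->data = p;
    b->len = newlen;
    b->body = p + off;     /* same offset, new base address */
    return 1;
}

/* Grow a small buffer and confirm body still addresses live memory. */
int demo_rebased(void)
{
    struct msgbuf b = { malloc(16), 16, NULL };
    int ok;
    if (b.data == NULL)
        return 0;
    memcpy(b.data, "HDR0body", 8);
    b.body = b.data + HDR_LEN;
    ok = grow_rebased(&b, 1u << 20)
         && b.body == b.data + HDR_LEN && memcmp(b.body, "body", 4) == 0;
    free(b.data);
    return ok;
}
```

Building the stale variant with AddressSanitizer and then reading through `body` reports a heap-use-after-free whenever the allocator relocates the block.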
Remediation
References