statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 prior to 1.1.0a allocates memory before checking for an excessive length, which might allow remote malicious users to cause a denial of service (memory consumption) via crafted DTLS messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.1.0 |