statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote malicious users to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
Vulnerable Product |
---|
openssl openssl 1.1.0a |
Recursion (n): See recursion
Sysadmins and devs, fresh from a weekend spoiled by last week's OpenSSL emergency patch, have another emergency patch to install. One of last week's fixes, for CVE-2016-6307, created CVE-2016-6309, a dangling pointer security vulnerability. As the fresh advisory states: “The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received, then the underlying buffer to store the incoming message is reallocated and moved. “Unfortunately a dangl...
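The bug class described above, a pointer into a message buffer kept across a growth that moves the block, as an added example; this is not OpenSSL's code. `msgbuf`, `msgbuf_grow`, `saved_pointer_is_stale` and `append_body` are hypothetical names, and growth is done by allocate-copy-free so the move that `realloc` may perform happens every time.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical message buffer for illustration; not OpenSSL's own structure. */
typedef struct { unsigned char *data; size_t len, cap; } msgbuf;

/* Grow by allocate-copy-free so the block always moves, as realloc() may. */
static int msgbuf_grow(msgbuf *b, size_t need) {
    unsigned char *p;
    if (need <= b->cap) return 1;
    if ((p = malloc(need)) == NULL) return 0;
    memcpy(p, b->data, b->len);
    free(b->data);
    b->data = p;
    b->cap = need;
    return 1;
}

/* 1 if an address saved before growth is outside the buffer afterwards.
 * The saved address is only compared as an integer, never dereferenced. */
int saved_pointer_is_stale(size_t initial, size_t incoming) {
    msgbuf b = { malloc(initial), 4, initial };
    uintptr_t saved, lo;
    int stale;
    if (b.data == NULL || initial < 8) { free(b.data); return -1; }
    memset(b.data, 'H', b.len);                 /* constructed 4-byte header */
    saved = (uintptr_t)(b.data + b.len);        /* "body starts here" */
    if (!msgbuf_grow(&b, b.len + incoming)) { free(b.data); return -1; }
    lo = (uintptr_t)b.data;
    stale = !(saved >= lo && saved < lo + b.cap);
    free(b.data);
    return stale;
}

/* Hardened pattern: keep an offset and derive the pointer after growth. */
int append_body(msgbuf *b, const unsigned char *src, size_t n) {
    size_t off = b->len;
    if (n > SIZE_MAX - off || !msgbuf_grow(b, off + n)) return 0;
    memcpy(b->data + off, src, n);              /* b->data re-read after growth */
    b->len = off + n;
    return 1;
}
int main(void) {
    printf("small message stale: %d\n", saved_pointer_is_stale(16384, 100));
    printf("large message stale: %d\n", saved_pointer_is_stale(16384, 20000));
    return 0;
}
```

A message that fits the initial 16384-byte allocation leaves the saved address valid; one that forces growth does not, which is why the hardened function carries an offset rather than a raw pointer.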