Description
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Remediation
References
Related Vulnerabilities
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2017-0898)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9403)
Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)
phpMyAdmin Improper Restriction of XML External Entity Reference Vulnerability (CVE-2011-4107)
WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)