Description
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Remediation
References
Related Vulnerabilities
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12616)
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)
WordPress Plugin WooCommerce Remote Code Execution (4.0.1)
MySQL CVE-2021-2481 Vulnerability (CVE-2021-2481)
WordPress Plugin WP SlackSync Information Disclosure (1.8.5)