Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Remediation
References
Related Vulnerabilities
WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.3.1)
WordPress Plugin Audio Record Arbitrary File Upload (1.0)
WordPress Plugin WP Frontend Profile Multiple Vulnerabilities (0.2.1)
WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)