Description
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
Remediation
References
Related Vulnerabilities
Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-47287)
WordPress Plugin Yes/No Chart SQL Injection (1.0.11)
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12)
WordPress Plugin Smart Email Alerts Cross-Site Scripting (1.0.10)
WordPress Plugin Ultimate Reviews PHP Object Injection (2.0.18)