Description
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.