Description
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Remediation
References