Description
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2830 Vulnerability (CVE-2019-2830)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.28)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1041)
WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.5)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)