Description
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.
Remediation
References