Description
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
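The length check this description refers to, sketched as an added example (not OpenSSL's code and not from the original page). The ticket layout of key name, IV, encrypted state and trailing HMAC, the constants `KEY_NAME_LEN` and `FIXED_MIN`, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define KEY_NAME_LEN 16  /* assumed key-name field size for this sketch */
#define FIXED_MIN    48  /* assumed fixed minimum that ignores the HMAC size */

/* "Before" shape: only a fixed minimum length is enforced. */
static int len_ok_fixed_min(size_t eticklen)
{
    return eticklen >= FIXED_MIN;
}

/* Hardened shape: the ticket must be longer than key name + IV + HMAC,
 * so at least one byte of encrypted state remains after stripping them. */
static int len_ok_with_mac(size_t eticklen, size_t iv_len, size_t mac_len)
{
    size_t overhead = KEY_NAME_LEN + iv_len + mac_len;
    return eticklen > overhead;
}

/* Bytes of encrypted state left after header and HMAC are removed,
 * or -1 when the ticket is too short and must be rejected. */
static long enc_state_len(size_t eticklen, size_t iv_len, size_t mac_len)
{
    if (!len_ok_with_mac(eticklen, iv_len, mac_len))
        return -1;
    return (long)(eticklen - KEY_NAME_LEN - iv_len - mac_len);
}

int main(void)
{
    /* Constructed case: 50-byte ticket, 16-byte IV, 32-byte HMAC. */
    size_t eticklen = 50, iv_len = 16, mac_len = 32;

    printf("fixed-minimum check accepts: %d\n", len_ok_fixed_min(eticklen));
    printf("MAC-aware check accepts:     %d\n",
           len_ok_with_mac(eticklen, iv_len, mac_len));
    printf("encrypted state length:      %ld\n",
           enc_state_len(eticklen, iv_len, mac_len));
    return 0;
}
```

The constructed 50-byte ticket passes the fixed-minimum check even though 16 + 16 + 32 bytes of overhead exceed its length; the MAC-aware check rejects it before any subtraction can wrap.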
Remediation
References