Description
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Cross-Site Scripting (5.8.1)
WordPress Plugin WP Front-End Repository Manager Arbitrary File Upload (1.1)
WordPress Plugin WpPygments Multiple Cross-Site Scripting Vulnerabilities (0.3.2)
Moodle Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43435)