Description
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
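As an added example (not part of the original advisory and not OpenSSL project code), the following check tests an OpenSSL version string against the affected ranges in the description above, including the `z` to `za` letter rollover in the 0.9.8 branch. The function names `parse`, `letter_key` and `is_affected` are illustrative assumptions, and the check compares upstream version strings only, so a distribution package that backports the fix without changing the version string will still be reported as affected.

```python
import re

# Fixed releases taken from the description above, keyed by release branch.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Matches the pre-3.0 scheme "major.minor.fix[letters]", e.g. 1.0.1g or 0.9.8za.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(version):
    """Return ((major, minor, fix), letters) from e.g. 'OpenSSL 1.0.1g 7 Apr 2014'."""
    m = _VERSION.search(version)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % version)
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def letter_key(letters):
    # Patch letters run '', a..z, za, zb, ...: shorter sorts first,
    # then alphabetical, so 'z' < 'za' < 'zb'.
    return (len(letters), letters)


def is_affected(version):
    """True if the version falls in a range the description lists as affected."""
    branch, letters = parse(version)
    if branch < (0, 9, 8):
        return True  # "before 0.9.8za" also covers every older branch
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch not named in the description (e.g. 1.0.2)
    return letter_key(letters) < letter_key(fixed)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for v in ("0.9.8y", "0.9.8za", "1.0.0l", "1.0.1g-fips", "1.0.1h", "1.0.2a"):
        print(v, "affected" if is_affected(v) else "not affected")
```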
Remediation
References