Description
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
Remediation
References
Related Vulnerabilities
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)
WordPress Plugin Name Directory Cross-Site Scripting (1.7.6)
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2)
MediaWiki CVE-2023-29140 Vulnerability (CVE-2023-29140)
WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)