Description
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
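A version check for the affected ranges listed above, as an added example that is not part of the original advisory; the function names and the sample inventory are constructed for illustration. The flaw sits in the DTLS code path, so a match matters for hosts that actually use DTLS.

```python
import re

# First fixed release on each affected branch, taken from the description above.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Upstream scheme of that era: three numbers, an optional letter suffix,
# and an optional "-fips" build tag.
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(?:-fips)?")


def parse(version):
    """Split '1.0.1g' into ((1, 0, 1), 'g'); anything else raises ValueError."""
    m = _VERSION.fullmatch(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def is_affected(version):
    """True if the version falls in a range the description lists as vulnerable."""
    base, suffix = parse(version)
    if base < (0, 9, 8):
        return True  # "before 0.9.8za" has no lower bound in the description
    fixed = FIXED.get(".".join(map(str, base)))
    if fixed is None:
        return False  # branch not named in the description
    # Letter releases run '', a..z, za, zb, so string order is release order.
    return suffix < fixed


def affected_hosts(inventory):
    """Return the hosts whose `openssl version` banner reports an affected release."""
    return sorted(h for h, banner in inventory.items()
                  if is_affected(banner.split()[1]))


# Constructed sample inventory: host name -> leading part of `openssl version` output.
SAMPLE = {
    "host-a": "OpenSSL 0.9.8y",
    "host-b": "OpenSSL 0.9.8za",
    "host-c": "OpenSSL 1.0.0l",
    "host-d": "OpenSSL 1.0.1e-fips",
    "host-e": "OpenSSL 1.0.1h",
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE))
```

Distribution packages often backport fixes without changing the upstream version string, so treat a match as a prompt to check the vendor's package changelog rather than as proof.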