Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)
WordPress Plugin WP Statistics Cross-Site Scripting (12.6.3)
WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.30.2)
WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)