Description
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Remediation
References
Related Vulnerabilities
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)
WordPress Plugin Customer Reviews for WooCommerce Cross-Site Scripting (5.16.0)
WordPress Plugin spideranalyse Cross-Site Scripting (0.0.1)
WordPress Plugin BeCustom Cross-Site Request Forgery (1.0.5.2)