Description
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
Remediation
References