Description
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
Remediation
References