Description
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fancy Gallery Cross-Site Scripting (1.5.12)
MOVEit Transfer Improper Privilege Management Vulnerability (CVE-2025-2324)
WordPress Plugin JSON API User Privilege Escalation (3.9.3)
Liferay DXP Observable Timing Discrepancy Vulnerability (CVE-2025-43754)
Oracle Database Server CVE-2020-2734 Vulnerability (CVE-2020-2734)