Description
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Remediation
References