Description
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
Remediation
References
Related Vulnerabilities
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.32.7212)
phpMyAdmin Other Vulnerability (CVE-2006-5718)
WordPress Plugin Passster-Password Protection Security Bypass (3.5.5.8)
WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1)
WordPress Plugin Widget Logic Cross-Site Request Forgery (5.10.2)