Description
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
Remediation
References
Related Vulnerabilities
WordPress Plugin Esponce QR Code Generator Cross-Site Scripting (1.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)
WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability (3.0.4)
Oracle Database Server CVE-2009-1969 Vulnerability (CVE-2009-1969)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631)