Description
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
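The bug class named in the description, as an added C example that is not OpenSSL's code: a pointer taken into a buffer before `realloc` goes stale if the block moves, so the safe form keeps an offset and derives the pointer only after growth. The `msgbuf` type, the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable message buffer (not an OpenSSL type). */
struct msgbuf { unsigned char *data; size_t len, cap; };

/* Grow to at least `need` bytes; realloc may move the block. */
static int msgbuf_grow(struct msgbuf *b, size_t need)
{
    if (need <= b->cap) return 1;
    unsigned char *p = realloc(b->data, need);
    if (p == NULL) return 0;   /* old block is still valid on failure */
    b->data = p; b->cap = need;
    return 1;
}

/* UNSAFE pattern, shown for contrast only:
 *   body = b->data + hdr_len;            pointer into the old block
 *   msgbuf_grow(b, hdr_len + body_len);  block may move here
 *   memcpy(body, src, body_len);         write through a stale pointer */

/* Safe pattern: keep an offset and derive the pointer after growth. */
int msgbuf_append_body(struct msgbuf *b, size_t hdr_len,
                       const unsigned char *src, size_t body_len)
{
    if (hdr_len > b->len || body_len > (size_t)-1 - hdr_len) return 0;
    if (!msgbuf_grow(b, hdr_len + body_len)) return 0;
    memcpy(b->data + hdr_len, src, body_len);  /* pointer taken after realloc */
    b->len = hdr_len + body_len;
    return 1;
}

/* Constructed self-check: 4-byte header, then a body that forces growth. */
int msgbuf_demo(void)
{
    enum { HDR = 4, BODY = 1 << 20 };
    struct msgbuf b = { malloc(HDR), HDR, HDR };
    unsigned char *src = malloc(BODY);
    int ok = b.data != NULL && src != NULL;
    if (ok) {
        memcpy(b.data, "\x16\x03\x03\x00", HDR);   /* constructed header bytes */
        memset(src, 0xAB, BODY);
        ok = msgbuf_append_body(&b, HDR, src, BODY)
          && b.len == (size_t)HDR + BODY
          && memcmp(b.data, "\x16\x03\x03\x00", HDR) == 0
          && b.data[HDR] == 0xAB && b.data[b.len - 1] == 0xAB;
    }
    free(src); free(b.data);
    return ok;
}
```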