Description
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
Remediation
References
Related Vulnerabilities
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)
WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318)
Moodle Improper Input Validation Vulnerability (CVE-2018-1137)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.20)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)