Description
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server CVE-2023-21718 Vulnerability (CVE-2023-21718)
WordPress Plugin QIWI payment module for Woocommerce Cross-Site Scripting (0.0.9)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1868)
IBM WebSEAL Insertion of Sensitive Information into Log File Vulnerability (CVE-2017-1480)