Description
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Remediation
References
Related Vulnerabilities
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)
WordPress Plugin WP Vault Local File Inclusion (0.8.6.6)
PHP Improper Input Validation Vulnerability (CVE-2009-1272)
WordPress Plugin Skysa App Bar Integration 'submit' Parameter Cross-Site Scripting (1.03)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)