Description
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Remediation
References
Related Vulnerabilities
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
WordPress Plugin Mailing List 'wpabspath' Parameter Remote File Include (1.3.3)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42)
PHP Resource Management Errors Vulnerability (CVE-2010-1917)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4283)