| Description: | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (Use-After-Free) or possibly execute arbitrary code via a crafted TLS session. |
| Impact: | An attacker can exploit a use-after-free vulnerability in the vulnerable product. Successful exploitation may cause adverse consequences such as a crash of the product or execution of arbitrary code. |
| Affected OS: | Solaris, Other Unix, FreeBSD, Linux |
| Reference: | SecurityFocus BID: 93177, SecurityTracker ID: 1036885 |