OpenSSL CVE-2016-6307 Denial of Service Vulnerability
Description
message larger than approx 16k is received then the underlying buffer to storethe incoming message is reallocated and moved. Unfortunately a dangling pointerto the old location is left which results in an attempt to write to thepreviously freed location. This is likely to result in a crash, however itcould potentially lead to execution of arbitrary code.OpenSSL 1.1.0 users should upgrade to 1.1.0bThis issue was reported to OpenSSL on 23rd September 2016 by Robertwas developed by Matt Caswell of the OpenSSL development team.
Affected Applications
OpenSSL