Endpoint Vulnerability

Excessive allocation of memory in tls_get_message_header

Description

message larger than approx 16k is received then the underlying buffer to storethe incoming message is reallocated and moved. Unfortunately a dangling pointerto the old location is left which results in an attempt to write to thepreviously freed location. This is likely to result in a crash, however itcould potentially lead to execution of arbitrary code.OpenSSL 1.1.0 users should upgrade to 1.1.0bThis issue was reported to OpenSSL on 23rd September 2016 by Robertwas developed by Matt Caswell of the OpenSSL development team.

Affected Products

OpenSSL

References

CVE-2016-6307,