Download
| Alert*
|
oval:org.secpod.oval:def:37399
The host is installed with OpenSSL 1.1.0a and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a crafted TLS session. Successful exploitation allows remote attackers to cause a denial of service (use-after-free) or possibly execute arb ... oval:org.secpod.oval:def:2100967 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to ... |
