Use-after-free vulnerability in OpenSSL 1.1.0a allows remote attackers to cause denial of service or execute arbitrary code via crafted TLS session

Use-after-free vulnerability in OpenSSL 1.1.0a allows remote attackers to cause denial of service or execute arbitrary code via crafted TLS session

CVE-2016-6309 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

Learn more about our Web Application Penetration Testing UK.