CVE-2016-6309

2016-09-26T19:59:00
ID CVE-2016-6309
Type cve
Reporter cve@mitre.org
Modified 2018-07-12T01:29:00

Description

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.