OpenSSL 1.1.0a < 1.1.0b Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.0b. It is, therefore, affected by a vulnerability as referenced in the 1.1.0b advisory. - statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a...

CVE-2016-6308

statem/statemdtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted DTLS messages...