N/A

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

N/A

N/A

OpenSSL‘dtls1_clear_queues’函数缓冲区错误漏洞

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的ssl/d1_lib.c文件中的‘dtls1_clear_queues’函数存在安全漏洞，该漏洞源于DTLS错误的接收到ChangeCipherSpec和Finished消息之间的应用程序数据，针对该数据的缓存将导致释放无效的内存。远程攻击者可借助应用程序数据利用该漏洞造成拒绝服务（内存损坏和应

N/A

N/A