OpenSSL v1.1.0.a Release Notes

Release Date: 2016-09-26
    • Fix Use After Free for large message sizes

    The patch applied to address CVE-2016-6307 resulted in an issue where, if a message larger than approximately 16k is received, the underlying buffer used to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left behind, which results in an attempt to write to the previously freed location. This is likely to result in a crash; however, it could potentially lead to execution of arbitrary code.

    This issue only affects OpenSSL 1.1.0a.

    This issue was reported to OpenSSL by Robert Święcki. (CVE-2016-6309)
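    The bug class described above is a pointer cached across a `realloc`: once the buffer moves, every address derived from the old allocation is stale, and the next write through it is a use after free. The following is an added example, not OpenSSL's code, showing the defensive pattern a message-assembly buffer should follow: the write position is recomputed from the buffer base after every growth step and never held across a reallocation. The `recbuf` type, its functions and the 16k initial capacity are constructed for illustration; the threshold merely echoes the size mentioned in the note.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a growable buffer that receives a message in
 * fragments.  The initial capacity mirrors the ~16k threshold mentioned in
 * the advisory; the value is illustrative, not OpenSSL's. */
#define INITIAL_CAPACITY (16 * 1024)

typedef struct {
    unsigned char *data;   /* heap buffer; its address may change on growth */
    size_t len;            /* bytes written so far */
    size_t cap;            /* current allocation size */
} recbuf;

int recbuf_init(recbuf *rb) {
    rb->data = malloc(INITIAL_CAPACITY);
    if (rb->data == NULL) return 0;
    rb->len = 0;
    rb->cap = INITIAL_CAPACITY;
    return 1;
}

void recbuf_free(recbuf *rb) {
    free(rb->data);
    rb->data = NULL;
    rb->len = rb->cap = 0;
}

/* Make room for at least `need` more bytes.  realloc may return a different
 * address, so any pointer computed from rb->data before this call is stale
 * afterwards.  Callers must re-derive their write position from rb->data. */
static int recbuf_reserve(recbuf *rb, size_t need) {
    if (rb->cap - rb->len >= need) return 1;
    size_t newcap = rb->cap;
    while (newcap - rb->len < need) newcap *= 2;
    unsigned char *p = realloc(rb->data, newcap);
    if (p == NULL) return 0;        /* old block is still valid on failure */
    rb->data = p;
    rb->cap = newcap;
    return 1;
}

/* Append one fragment.  The destination pointer is taken AFTER reserve(),
 * which is the step the advisory's bug got wrong: holding `dst` from before
 * the reallocation would write into freed memory once the buffer moved. */
int recbuf_append(recbuf *rb, const unsigned char *frag, size_t n) {
    if (!recbuf_reserve(rb, n)) return 0;
    unsigned char *dst = rb->data + rb->len;   /* fresh, post-realloc */
    memcpy(dst, frag, n);
    rb->len += n;
    return 1;
}

/* Assemble a `total`-byte message from `fragsize` fragments (constructed
 * byte pattern: position & 0xff) and verify every byte survived the move(s).
 * Returns the assembled length on success, 0 on any failure or corruption;
 * the final capacity is reported through *final_cap. */
size_t assemble_and_verify(size_t total, size_t fragsize, size_t *final_cap) {
    if (fragsize == 0) return 0;
    recbuf rb;
    if (!recbuf_init(&rb)) return 0;
    unsigned char *frag = malloc(fragsize);
    if (frag == NULL) { recbuf_free(&rb); return 0; }

    size_t sent = 0;
    while (sent < total) {
        size_t n = (total - sent < fragsize) ? total - sent : fragsize;
        for (size_t i = 0; i < n; i++)
            frag[i] = (unsigned char)((sent + i) & 0xff);
        if (!recbuf_append(&rb, frag, n)) {
            free(frag); recbuf_free(&rb); return 0;
        }
        sent += n;
    }

    size_t ok = rb.len;
    for (size_t i = 0; i < rb.len; i++) {
        if (rb.data[i] != (unsigned char)(i & 0xff)) { ok = 0; break; }
    }
    if (final_cap != NULL) *final_cap = rb.cap;
    free(frag);
    recbuf_free(&rb);
    return ok;
}

int main(void) {
    size_t cap = 0;
    size_t got = assemble_and_verify(20000, 1024, &cap);
    printf("assembled %zu bytes, final capacity %zu\n", got, cap);
    return got == 20000 ? 0 : 1;
}
```

    A message that fits the initial allocation never triggers a move; one that crosses the 16k boundary forces a reallocation mid-message, and the integrity check passes only because the write position is recomputed from `rb->data` after `recbuf_reserve`. Running a build like this under AddressSanitizer (or valgrind) is the practical way to catch the stale-pointer variant, since a write through the old address is reported as a heap use after free rather than silently corrupting memory.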

    Matt Caswell