OpenSSL is prone to a remote memory-corruption vulnerability because of integer-truncation errors.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in a denial-of-service condition.
OpenSSL versions up to and including 1.0.1 are affected.
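The bug class named above, integer truncation of a length field, shown as an added C example that is not OpenSSL's code and is not taken from the referenced proof-of-concept. The record layout, function names and sample values are hypothetical. It contrasts a length narrowed to `int` before the buffer is sized with a check done in the wide type first.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parser input: a 64-bit declared length read from untrusted data. */

/* Flawed pattern: the length is narrowed to int before the buffer is sized.
 * The conversion is implementation-defined; common compilers keep the low 32 bits. */
static size_t buffer_size_truncating(uint64_t declared)
{
    int n = (int)(uint32_t)declared;    /* high 32 bits silently dropped */
    if (n < 0)
        return 0;                       /* sign check catches only some values */
    return (size_t)n;                   /* buffer sized from the truncated value */
}

/* Nonzero when code that still uses the full 64-bit length would write
 * past a buffer sized by the function above. */
static int sizes_disagree(uint64_t declared)
{
    return (uint64_t)buffer_size_truncating(declared) < declared;
}

/* Hardened pattern: validate in the wide type, then narrow. */
static int checked_length(uint64_t declared, size_t available, size_t *out)
{
    if (declared > (uint64_t)INT_MAX)   /* would not survive narrowing */
        return -1;
    if (declared > (uint64_t)available) /* more than the input actually holds */
        return -1;
    *out = (size_t)declared;
    return 0;
}

int main(void)
{
    const uint64_t samples[] = { 16, 0x100000010ULL, 0x80000000ULL }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int rc = checked_length(samples[i], 64, &n);
        printf("declared=%llu truncated_size=%zu mismatch=%d checked=%s\n",
               (unsigned long long)samples[i], buffer_size_truncating(samples[i]),
               sizes_disagree(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```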
Proof of Concept and Security Exploits
The researcher who found the issue has created a proof-of-concept. Please see the references for information.
Security Solution(s)
Solution: Updates are available. Please see the references for more information.