F5 Networks BIG-IP : OpenSSL vulnerability (K23873366)
High Nessus Plugin ID 97444
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionOpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K23873366.