EPSS
Percentile
98.9%
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
bugzilla.redhat.com/show_bug.cgi?id=1379302
www.openssl.org/news/secadv/20160926.txt