|Date: (C)2011-02-18 (M)2017-09-22|
|CVSS Score: 5.0||Access Vector: NETWORK|
|Exploitability Subscore: 10.0||Access Complexity: LOW|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: NONE|
| ||Availability: PARTIAL|
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."