CVE-2016-6309 - log back

CVE-2016-6309 created at 25 Sep 2019 19:31:40
+ Critical
+ Remote
+ Arbitrary code execution
+ The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.
+ This issue was reported to OpenSSL on 23rd September 2016 by Robert Święcki (Google Security Team), and was found using honggfuzz.
+ This issue only affects OpenSSL 1.1.0a