OpenSSL · OpenSSL · CVE-2010-5298
**Name of the Vulnerable Software and Affected Versions**
OpenSSL versions 1.0.1g and earlier
OpenSSL versions prior to 1.0.1h
**Description**
A race condition in the `ssl3_read_bytes` function in `s3_pkt.c` allows remote attackers to inject data across sessions or cause a denial of service via an SSL connection in a multithreaded environment when `SSL_MODE_RELEASE_BUFFERS` is enabled. This issue can lead to a use-after-free and parsing error. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.
**Recommendations**
For OpenSSL versions 1.0.1g and earlier, update to version 1.0.1h or later to resolve the issue.
For OpenSSL versions prior to 1.0.1h, update to version 1.0.1h or later to resolve the issue.
As a temporary workaround, consider disabling the `SSL_MODE_RELEASE_BUFFERS` mode until a patch is available.
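To prioritise the upgrade across a fleet, the following added example (not part of the original advisory or of OpenSSL) parses `openssl version` banners, including the old letter-suffixed scheme, and classifies each host against the conditions described above. It applies the page's "prior to 1.0.1h" wording literally; the host names, the inventory layout and the `release_buffers` / `multithreaded` fields are assumptions made for illustration.

```python
import re

FIXED = (1, 0, 1, "h")  # fixed release named in the advisory above

# Old-style OpenSSL versions: three numbers plus an optional letter suffix
# ("1.0.1g", "0.9.8za"); newer releases ("3.0.13") have no suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![\w.])")


def parse_openssl_version(banner):
    """Extract (major, minor, fix, letters) from an `openssl version` banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    major, minor, fix, letters = m.groups()
    return int(major), int(minor), int(fix), letters


def triage(banner, release_buffers, multithreaded):
    """Classify one host against the advisory's conditions.

    release_buffers / multithreaded are facts the operator supplies
    (hypothetical inventory fields, not something the banner reveals).
    """
    # Letter suffixes sort lexicographically: "" < "g" < "h" < "z" < "za".
    if parse_openssl_version(banner) >= FIXED:
        return "fixed"
    if release_buffers and multithreaded:
        return "exposed"          # vulnerable version and both preconditions
    return "upgrade-pending"      # vulnerable version, preconditions not met


# Constructed sample inventory: (host, banner, release_buffers, multithreaded)
INVENTORY = [
    ("web-01", "OpenSSL 1.0.1g 7 Apr 2014", True, True),
    ("web-02", "OpenSSL 1.0.1g 7 Apr 2014", False, True),
    ("web-03", "OpenSSL 1.0.1h 5 Jun 2014", True, True),
    ("web-04", "OpenSSL 1.0.2k-fips  26 Jan 2017", True, True),
]


def report(inventory=INVENTORY):
    """Map each host in the inventory to its triage status."""
    return {host: triage(b, rb, mt) for host, b, rb, mt in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `exposed` are the ones where the workaround applies while the upgrade is scheduled; `upgrade-pending` hosts still need 1.0.1h or later.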