OpenSSL contains a flaw in the SSL, TLS, and DTLS servers that is triggered when handling a session ticket that has failed to have its integrity properly verified, which can result in a memory leak. With a large number of invalid session tickets, a remote attacker can cause a denial of service.
