OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS.
As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.
However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak anything other than the already-encrypted bytes of earlier records. This, combined with the small number of bytes leaked per record, serves to limit the severity of this issue.
Vendor Status:
The OpenSSL core team has issued an update for this vulnerability: OpenSSL 1.0.0f and 0.9.8s clear the padding bytes.