It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections.
Find out more about CVE-2016-2179 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 8 | Fixed |
LIN8-4616 |
8.0.0.10 | -- |
| Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 7 | Fixed | -- | 7.0.0.20 | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
| Wind River Linux 6 | Fixed | -- | 6.0.0.31 | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 24 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Fixed | -- | openSSL-1.1.0.0 | -- |
| VxWorks 6.9 | Fixed | -- | 6.9.4.9 | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| eLxr | ||||
| eLxr 12 | Not Vulnerable | -- | -- | -- |
| Wind River Studio Cloud Platform | ||||
| Product Name | Status | Defect | Fixed | Downloads |
|---|
