Wind River Support Network

HomeDefectsLIN6-8601
Fixed

LIN6-8601 : Security Advisory - openssl - CVE-2014-3567

Created: Oct 21, 2014    Updated: Dec 3, 2018
Resolved Date: Oct 21, 2014
Previous ID: LIN4-31853
Found In Version: 6.0.0.13
Fix Version: 6.0.0.13
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube