Wind River Support Network

HomeDefectsLIN8-4616
Fixed

LIN8-4616 : Security Advisory - openssl - CVE-2016-2179

Created: Sep 1, 2016    Updated: Dec 3, 2018
Resolved Date: Sep 11, 2016
Found In Version: 8.0
Fix Version: 8.0.0.10
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179

Security Notices


Other Downloads


CVEs


Live chat
Online