Wind River Support Network

HomeDefectsSCP6-471
Fixed

SCP6-471 : Security Advisory - openssl - CVE-2014-5139

Created: Aug 17, 2014    Updated: Dec 3, 2018
Resolved Date: Aug 27, 2014
Previous ID: LIN4-31682
Found In Version: 6.0.0.11
Fix Version: 6.0.0.11
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service. (original advisory). Reported by Joonas Kuorilehto and Riku Hietamäki (Codenomicon). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube