Wind River Support Network

HomeDefectsLIN10-2744
Not to be fixed

LIN10-2744 : Security Advisory - wolfssl - CVE-2017-13099

Created: Dec 14, 2017    Updated: Apr 11, 2019
Resolved Date: Apr 11, 2019
Found In Version: 10.17.41.1
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ROBOT.

https://nvd.nist.gov/vuln/detail/CVE-2017-13099

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube