Wind River Support Network

HomeDefectsLIN5-13358
Fixed

LIN5-13358 : Security Advisory - openssl - CVE-2013-0166

Created: Feb 16, 2013    Updated: Dec 19, 2017
Resolved Date: Apr 25, 2013
Previous ID: LIN3-26189
Found In Version: 5.0
Fix Version: 5.0.1.3
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online