Wind River Support Network

Fixed

LIN5-19208 : Security Advisory - openssl - CVE-2014-5139

Created: Aug 10, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 11, 2014
Previous ID: LIN4-31645
Found In Version: 5.0
Fix Version: 5.0.1.18
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service. (original advisory). Reported by Joonas Kuorilehto and Riku Hietamäki (Codenomicon). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 
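The description above turns on one negotiation invariant: a client must reject a ServerHello that selects a cipher suite the client did not offer. The following is an added illustration of that check, not OpenSSL's patch or Wind River's code; the function names, result codes and the sample ServerHello are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SH_OK = 0, SH_MALFORMED = -1, SH_NOT_OFFERED = -2 };  /* hypothetical codes */

/* RFC 5054 assigns the TLS-SRP cipher suites the range 0xC01A..0xC022. */
int is_srp_suite(uint16_t id) { return id >= 0xC01A && id <= 0xC022; }

/* ServerHello body: version(2) random(32) sid_len(1) sid(0..32) suite(2) comp(1) */
int server_hello_suite(const uint8_t *b, size_t len, uint16_t *suite)
{
    size_t off = 2 + 32;
    if (len < off + 1) return SH_MALFORMED;
    size_t sid_len = b[off++];
    if (sid_len > 32 || len - off < sid_len + 3) return SH_MALFORMED;
    off += sid_len;
    *suite = (uint16_t)((b[off] << 8) | b[off + 1]);
    return SH_OK;
}

/* Accept the server's selection only if this client offered it. */
int check_server_hello(const uint8_t *b, size_t len,
                       const uint16_t *offered, size_t n, uint16_t *suite)
{
    int rc = server_hello_suite(b, len, suite);
    if (rc != SH_OK) return rc;
    for (size_t i = 0; i < n; i++)
        if (offered[i] == *suite) return SH_OK;
    return SH_NOT_OFFERED;   /* abort the handshake instead of continuing */
}

/* Constructed sample: TLS 1.2 ServerHello body, zero random, empty session id. */
size_t build_server_hello(uint8_t out[38], uint16_t suite)
{
    memset(out, 0, 38);                      /* also sets sid_len and compression to 0 */
    out[0] = 0x03; out[1] = 0x03;            /* protocol version */
    out[35] = (uint8_t)(suite >> 8); out[36] = (uint8_t)suite;
    return 38;
}

int main(void)
{
    const uint16_t offered[] = { 0xC02F, 0x009C, 0x002F };  /* client offered no SRP */
    uint8_t sh[38]; uint16_t got = 0;
    size_t n = build_server_hello(sh, 0xC01D);               /* server picks an SRP suite */
    int rc = check_server_hello(sh, n, offered, 3, &got);
    printf("suite 0x%04X srp=%d rc=%d\n", (unsigned)got, is_srp_suite(got), rc);
    return rc == SH_NOT_OFFERED ? 0 : 1;
}
```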
