Wind River Support Network


LIN5-19227 : Security Advisory - openssl - CVE-2014-3509

Created: Aug 12, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 13, 2014
Previous ID: LIN4-31653
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace


A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service (original advisory). Reported by Joonas Kuorilehto and Riku Hietamäki (Codenomicon).

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 
