Wind River Support Network

HomeDefectsLIN5-19240
Fixed

LIN5-19240 : Security Advisory - openssl - CVE-2014-3507

Created: Aug 14, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 14, 2014
Previous ID: LIN4-31664
Found In Version: 5.0.1.18
Fix Version: 5.0.1.18
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. (original advisory). Reported by Adam Langley (Google). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 
Fixed in OpenSSL 1.0.0n (Affected 1.0.0m, 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a) 
Fixed in OpenSSL 0.9.8zb (Affected 0.9.8za, 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o) 

Other Downloads


Live chat
Online