Wind River Support Network

HomeDefectsLIN5-19251
Fixed

LIN5-19251 : Security Advisory - openssl - CVE-2014-3512

Created: Aug 14, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 14, 2014
Previous ID: LIN4-31673
Found In Version: 5.0.1.18
Fix Version: 5.0.1.18
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. (original advisory). Reported by Sean Devlin and Watson Ladd (Cryptography Services, NCC Group). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 

Other Downloads


Live chat
Online