Wind River Support Network

HomeDefectsLIN5-19572
Fixed

LIN5-19572 : Security Advisory - openssl - CVE-2014-3513

Created: Oct 19, 2014    Updated: Dec 19, 2017
Resolved Date: Oct 21, 2014
Previous ID: LIN4-31846
Found In Version: 5.0.1.20
Fix Version: 5.0.1.20
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513

Other Downloads


Live chat
Online