Wind River Support Network

HomeDefectsLIN5-19587
Fixed

LIN5-19587 : Security Advisory - openssl - CVE-2014-3567

Created: Oct 21, 2014    Updated: Dec 19, 2017
Resolved Date: Oct 22, 2014
Previous ID: LIN4-31852
Found In Version: 5.0.1.20
Fix Version: 5.0.1.20
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

Other Downloads


Live chat
Online