Wind River Support Network

HomeDefectsLIN5-21917
Fixed

LIN5-21917 : Security Advisory - openssl - CVE-2016-2179

Created: Sep 1, 2016    Updated: May 29, 2018
Resolved Date: Sep 7, 2016
Found In Version: 5.0.1.36
Fix Version: 5.0.1.38
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179

Security Notices


Other Downloads


Live chat
Online