Wind River Support Network


LIN6-8582 : Security Advisory - openssl - CVE-2014-3513

Created: Oct 19, 2014    Updated: Dec 3, 2018
Resolved Date: Oct 21, 2014
Previous ID: LIN4-31847
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.

Other Downloads

Live chat