Wind River Support Network


LIN6-8601 : Security Advisory - openssl - CVE-2014-3567

Created: Oct 21, 2014    Updated: Dec 3, 2018
Resolved Date: Oct 21, 2014
Previous ID: LIN4-31853
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.

Other Downloads

Live chat