Wind River Support Network

HomeDefectsLIN7-6759
Fixed

LIN7-6759 : Security Advisory - openssl - CVE-2016-2179

Created: Sep 1, 2016    Updated: Sep 8, 2018
Resolved Date: Sep 7, 2016
Found In Version: 7.0
Fix Version: 7.0.0.20
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179 

Security Notices


Other Downloads


CVEs


Live chat
Online