Wind River Support Network


LIN7-6759 : Security Advisory - openssl - CVE-2016-2179

Created: Sep 1, 2016    Updated: Sep 8, 2018
Resolved Date: Sep 7, 2016
Found In Version: 7.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections. 

Security Notices

Other Downloads


Live chat