Wind River Support Network

HomeDefectsSCP6-477
Fixed

SCP6-477 : Security Advisory - openssl - CVE-2014-3507

Created: Aug 17, 2014    Updated: Dec 3, 2018
Resolved Date: Aug 27, 2014
Previous ID: LIN4-31688
Found In Version: 6.0.0.11
Fix Version: 6.0.0.11
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. (original advisory). Reported by Adam Langley (Google). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507

Fixed in OpenSSL 1.0.1i (Affected 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) 
Fixed in OpenSSL 1.0.0n (Affected 1.0.0m, 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a) 
Fixed in OpenSSL 0.9.8zb (Affected 0.9.8za, 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o) 

Other Downloads


Live chat
Online