Wind River Systems, Inc. Information for VU#720951
OpenSSL TLS heartbeat extension read overflow discloses sensitive information
- Vendor Information Help Date Notified: 07 Apr 2014
- Statement Date: 07 Apr 2014
- Date Updated: 11 Apr 2014
No statement is currently available from the vendor regarding this vulnerability.
Wind River has investigated its products regarding the heart blead vulnerability. The conclusion is:
VxWorks is not vulnerable.
WR Linux 3.x and 4.x are not vulnerable.
WR Linux 5.0.1.x is vulnerable if the optional openssl-1.0.1 package is installed.
WR Linux 6.0.0.x is vulnerable.
INP 3.4 is vulnerable.
Wind River customers can find additional information, e.g. fixes, at the online support web site https://support.windriver.com/
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.