发布日期：2019-08-26
更新日期：2019-08-28

受影响系统：

Wind River Systems VxWorks vx7
Wind River Systems VxWorks 6.9.4
Wind River Systems VxWorks 6.9.3
Wind River Systems VxWorks 6.9
Wind River Systems VxWorks 6.8
Wind River Systems VxWorks 6.7
Wind River Systems VxWorks 6.6
Wind River Systems VxWorks 6.5

描述：

---

CVE(CAN) ID: CVE-2019-12265

Wind River Systems VxWorks是一套嵌入式实时操作系统（RTOS）。

Wind River Systems VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3, 6.9.4版本，IGMPv3客户端组件中存在内存泄露。攻击者可利用该漏洞获取敏感信息。

<*来源：Wind River
  
  链接：https://www.us-cert.gov/ics/advisories/icsa-19-211-01
*>

建议：

---

厂商补丁：

Wind River Systems
------------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf    
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009    
https://security.netapp.com/advisory/ntap-20190802-0001/    
https://support.f5.com/csp/article/K41190253    
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256    
https://support2.windriver.com/index.php?page=security-notices    
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

浏览次数：1254
严重程度：0（网友投票）