Windriver

By the Year

In 2026 there have been 0 vulnerabilities in Windriver. Last year, in 2025 Windriver had 1 security vulnerability published. Right now, Windriver is on track to have less security vulnerabilities in 2026 than it did last year.

Recent Windriver Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-26500	Mar 21, 2025	Resource Consumption in Wind River VxWorks 7 (22.06-24.03) via USB : Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.   Specifically crafted USB packets may lead to the system becoming unavailable This issue affects VxWorks 7: from 22.06 through 24.03.	Vxworks
CVE-2024-28759	May 14, 2024	Wind River VxWorks 7/23.09 Buffer Overrun via Crafted Packet A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.	Vxworks
CVE-2023-51787	Feb 15, 2024	Wind River VxWorks 7.22.09 Mem Leak via OpenSSL per-Task RAM An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak.	Vxworks
CVE-2023-38346	Sep 22, 2023	Directory Traversal in Wind River VxWorks 6.9/7 tarExtract Function An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.	Vxworks
CVE-2022-38767	Nov 25, 2022	Wind River VxWorks 6.9 DoS via crafted Radius packet An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.	Vxworks
CVE-2022-23937	Mar 29, 2022	In Wind River VxWorks 6.9 and 7 In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.	Vxworks
CVE-2021-43268	Nov 24, 2021	An issue was discovered in VxWorks 6.9 through 7 An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.	Vxworks
CVE-2020-35198	May 12, 2021	An issue was discovered in Wind River VxWorks 7 An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.	Vxworks
CVE-2021-29999	Apr 13, 2021	An issue was discovered in Wind River VxWorks through 6.8 An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.	Vxworks
CVE-2021-29997	Apr 13, 2021	An issue was discovered in Wind River VxWorks 7 before 21.03 An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.	Vxworks