Problem Description
The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.
Affected Products
RTLib (Real-Time Interface) up to 23-B
Solution
The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.
Download
DS_ImplSW_RTLib_Common_22.2p1_617229
Changes to the components are public available for examination
https://github.com/dspace-group/ds-zip
https://github.com/dspace-group/ds-unzip
The following security vulnerabilities are addressed by the patch:
zip.exe
NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)
unzip.exe
NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)
NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)
NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)
Date | 2023-09-07 |
Produkt | RCP- und HIL-Software |
Informationstyp | Patches |
Informationskategorie | Problembehandlung |
dSPACE Release | 2022-B |
Treiben Sie Innovationen voran. Immer am Puls der Technologieentwicklung.
Abonnieren Sie unser Expertenwissen. Lernen Sie von erfolgreichen Projektbeispielen. Bleiben Sie auf dem neuesten Stand der Simulation und Validierung. Jetzt dSPACE direct und dSPACE direct aeropace & defense abonnieren.