Problem Description
The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.
Affected Products
RTLib (Real-Time Interface) up to 23-B
Solution
The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.
Download
DS_ImplSW_RTLib_Common_23.1p1_617228
Changes to the components are public available for examination
https://github.com/dspace-group/ds-zip
https://github.com/dspace-group/ds-unzip
The following security vulnerabilities are addressed by the patch:
zip.exe
NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)
unzip.exe
NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)
NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)
NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)
Date | 2023-09-07 |
Produit | Matériels de prototypage rapide et HIL |
Type d’information | Patches |
Catégorie d’information | Phase de débogage |
Release dSPACE | 2023-A |
Faire avancer l'innovation. Toujours à la pointe de l'évolution technologique.
S’abonner à nos newsletters, gérer ses abonnements ou se désabonner. La newsletter mensuelle contenant toutes les informations liées à l’aéronautique et défense.