RTLib Common 23.1p1

Problem Description

The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.

Affected Products

RTLib (Real-Time Interface) up to 23-B

Solution

The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.

Download

Readme

DS_ImplSW_RTLib_Common_23.1p1_617228

Changes to the components are public available for examination

https://github.com/dspace-group/ds-zip

https://github.com/dspace-group/ds-unzip

The following security vulnerabilities are addressed by the patch:

zip.exe

NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)

unzip.exe

NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)

NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)

NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)

Tags

Date	2023-09-07
Produit	Matériels de prototypage rapide et HIL
Type d’information	Patches
Catégorie d’information	Phase de débogage
Release dSPACE	2023-A

Faire avancer l'innovation. Toujours à la pointe de l'évolution technologique.

S’abonner à nos newsletters, gérer ses abonnements ou se désabonner. La newsletter mensuelle contenant toutes les informations liées à l’aéronautique et défense.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.