RTLib Common 22.2p1

Problem Description

The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.

 

Affected Products

RTLib (Real-Time Interface) up to 23-B

 

Solution

The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.

 

Download

Readme

DS_ImplSW_RTLib_Common_22.2p1_617229

 

Changes to the components are public available for examination

https://github.com/dspace-group/ds-zip

https://github.com/dspace-group/ds-unzip

 

The following security vulnerabilities are addressed by the patch:

 

zip.exe

NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)

unzip.exe

NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)

NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)

NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)

Tags
Date 2023-09-07
Product RCP and HIL Software
Information Type Patches
Information Category Troubleshooting
dSPACE Release 2022-B

Stay up-to-date with our dSPACE direct newsletter service.

With our dSPACE newsletter service, we will keep you informed about current use cases and new solutions and products, as well as trainings and events. Sign up here for a free subscription.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.