RTLib Common 23.1p1

Problem Description

The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.

Affected Products

RTLib (Real-Time Interface) up to 23-B

Solution

The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.

Download

Readme

DS_ImplSW_RTLib_Common_23.1p1_617228

Changes to the components are public available for examination

https://github.com/dspace-group/ds-zip

https://github.com/dspace-group/ds-unzip

The following security vulnerabilities are addressed by the patch:

zip.exe

NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)

unzip.exe

NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)

NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)

NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)

Tags

Date	2023-09-07
Product	RCP and HIL Software
Information Type	Patches
Information Category	Troubleshooting
dSPACE Release	2023-A

Drive innovation forward. Always on the pulse of technology development.

Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.