openSSL punycode Vulnerability

Is dSPACE software affected by the openSSL punycode vulnerabilities?

We are getting requests from our customers who are concerned about the so-called openSSL punycode vulnerabilities.

The security vulnerabilities are related to openSSL library, a C-based open-source library for encryption of data in multiple environments.

Based on our software dependency analysis, following dSPACE products contain openSSL versions with the below listed vulnerabilities

SIMPHERA

An update of the library which fixes these vulnerabilities will be available in SIMPHERA 22.9.

CVE Dictionary Entry	Description and assessment
CVE-2022-3602	This buffer overflow vulnerability could lead to crash in the affected products causing a denial of service or potentially remote code execution. Affected openSSL versions are 3.0.0-3.0.6.
CVE-2022-3786	This buffer overflow vulnerability could lead to crash in the affected products causing a denial of service. Affected openSSL versions are 3.0.0-3.0.6.

Tags

Date	2022-11-07
Information Type	Notifications
Information Category	Product Security, Troubleshooting
dSPACE Release	2022-A, 2021-B, 2021-A, 2020-B, 2020-A, 2019-B, 2019-A, 2018-B, 2018-A, 2017-B , 2017-A, 2016-B, 2016-A, 2015-B, 2015-A, 2014-B, 2014-A, 2013-B, 2013-A, Prior to 2013-A

Stay up-to-date with our dSPACE direct newsletter service.

With our dSPACE newsletter service, we will keep you informed about current use cases and new solutions and products, as well as trainings and events. Sign up here for a free subscription.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.