OpenSSL 1.1.1u

Problem Description 

Various components, such as Python, use OpenSSL version 1.1.1u internally. As no newer versions are yet released/available for these components, the associated vulnerability CVE-2023-4807 cannot be removed. 

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. 

If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences up to data corruption and control of the application process. 

Additional Content

Please sign in to your mydSPACE account to view this content.
Tags
Date 2024-01-08
Product Real-Time Testing
Information Type Notifications
Information Category Product Security, Troubleshooting
dSPACE Release 2023-B, 2023-A, 2022-B, 2022-A

Stay up-to-date with our dSPACE direct newsletter service.

With our dSPACE newsletter service, we will keep you informed about current use cases and new solutions and products, as well as trainings and events. Sign up here for a free subscription.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.