OpenSSL 1.1.1u

Problem Description 

Various components, such as Python, use OpenSSL version 1.1.1u internally. As no newer versions are yet released/available for these components, the associated vulnerability CVE-2023-4807 cannot be removed. 

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. 

If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences up to data corruption and control of the application process. 

Additional Content

Please sign in to your mydSPACE account to view this content.
Tags
Date 2024-01-09
製品 Real-Time Testing
インフォメーション お知らせ
情報カテゴリー Product Security, トラブルシューティング
dSPACE Release 2023-B, 2023-A, 2022-B, 2022-A

ニュースレターサービスで最新情報をお届けします。

dSPACEのニュースレターサービスでは、最新の使用事例、新しいソリューションや製品、トレーニングやイベントに関する情報をお届けします。無料購読のお申し込みはこちらから。

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.