Problem Description
The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.
Affected Products
RTLib (Real-Time Interface) up to 23-B
Solution
The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.
Download
DS_ImplSW_RTLib_Common_1.21p2_616940
Changes to the components are publicly available for examination:
https://github.com/dspace-group/ds-zip
https://github.com/dspace-group/ds-unzip
The following security vulnerabilities are addressed by the patch:
zip.exe
NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)
unzip.exe
NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)
NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)
NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)
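Because the patched zip.exe and unzip.exe no longer accept '-t', scripts that still pass it to either tool need review. The following is an added example (not dSPACE code) that lists such calls in a script; the function names, the sample script and the case-insensitive option match are assumptions made here.

```python
import re
import shlex

TOOLS = {"zip", "zip.exe", "unzip", "unzip.exe"}   # binaries named in the advisory
SEPARATORS = {"&&", "||", "|", "&", ";"}           # end of one command on a line
# Single-dash option cluster containing 't'; case-insensitive by assumption.
TEST_OPT = re.compile(r"-[a-z]*t[a-z]*", re.IGNORECASE)
COMMENT = re.compile(r"\s*(rem\b|::|#)", re.IGNORECASE)


def uses_test_option(command_line):
    """True if the line runs zip/unzip with a '-t' style option."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes
    except ValueError:                                   # unbalanced quotes
        tokens = command_line.split()
    for i, tok in enumerate(tokens):
        base = re.split(r"[\\/]", tok.strip('"'))[-1].lower()
        if base not in TOOLS:
            continue
        for arg in tokens[i + 1:]:
            if arg in SEPARATORS or arg == "--":
                break
            if TEST_OPT.fullmatch(arg):
                return True
    return False


def find_test_calls(script_text):
    """Return 1-based line numbers of non-comment lines that need review."""
    return [n for n, line in enumerate(script_text.splitlines(), 1)
            if not COMMENT.match(line) and uses_test_option(line)]


# Constructed sample batch script (not taken from any dSPACE product).
SAMPLE = r'''@echo off
rem verify with unzip -t before import
"C:\Tools\bin\unzip.exe" -tq model_archive.zip
zip.exe -r results.zip out
unzip -o -d work input.zip
if exist a.zip unzip.exe -qt a.zip && echo ok
'''

if __name__ == "__main__":
    for n in find_test_calls(SAMPLE):
        print(f"line {n}: zip/unzip called with -t")
```

A reported line is a review hint only: the match is on the option spelling, not on what the option does in a given tool version.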
Date | 2023-09-07 |
Product | RCP and HIL Software |
Information | Patch |
Information Category | Troubleshooting |
dSPACE Release | 2022-A |