RTLib Common 23.1p1

Problem Description

The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.

 

Affected Products

RTLib (Real-Time Interface) up to 23-B

 

Solution

The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.

 

Download

Readme

DS_ImplSW_RTLib_Common_23.1p1_617228

 

Changes to the components are public available for examination

https://github.com/dspace-group/ds-zip

https://github.com/dspace-group/ds-unzip

 

The following security vulnerabilities are addressed by the patch:

 

zip.exe

NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)

unzip.exe

NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)

NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)

NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)

Tags
Date 2023-09-07
製品 RCP and HIL Software
インフォメーション パッチ
情報カテゴリー トラブルシューティング
dSPACE Release 2023-A

最新の技術開発動向をつかんで、イノベーションを加速。

メールマガジンの購読希望・変更/配信停止手続き

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.