Problem Description
The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.
Affected Products
RTLib (Real-Time Interface) up to 23-B
Solution
The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.
Download
DS_ImplSW_RTLib_Common_22.2p1_617229
Changes to the components are public available for examination
https://github.com/dspace-group/ds-zip
https://github.com/dspace-group/ds-unzip
The following security vulnerabilities are addressed by the patch:
zip.exe
NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)
unzip.exe
NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)
NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)
NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)
Date | 2023-09-07 |
제품군 | RCP and HIL Software |
인포메이션 타입 | 패치 |
인포메이션 카테고리 | Troubleshooting |
dSPACE Release | 2022-B |
혁신을 추진하세요. 항상 기술 개발의 동향을 주시해야 합니다.
저희 전문 지식 서비스에 가입하세요. dSPACE의 성공적인 프로젝트 사례를 확인해 보세요. 시뮬레이션 및 검증에 대한 최신 정보를 받아보세요. 지금 바로 dSPACE 다이렉트(뉴스레터)를 구독하세요.