Problem Description
The installation of RTLib (Real-Time Interface) includes outdated versions of zip.exe and unzip.exe. Using the command-line parameter '-t' (test compressed archive data) makes it possible to provide a specially crafted archive that can cause the application to crash.
Affected Products
RTLib (Real-Time Interface) up to 23-B
Solution
The patch replaces the components with newer versions in which the '-t' parameter has been removed from the application.
Download
DS_ImplSW_RTLib_Common_1.21p2_616940
Changes to the components are public available for examination
https://github.com/dspace-group/ds-zip
https://github.com/dspace-group/ds-unzip
The following security vulnerabilities are addressed by the patch:
zip.exe
NVD - CVE-2018-13410 (https://nvd.nist.gov/vuln/detail/CVE-2018-13410)
unzip.exe
NVD - CVE-2014-8141 (https://nvd.nist.gov/vuln/detail/CVE-2014-8141)
NVD - CVE-2014-8140 (https://nvd.nist.gov/vuln/detail/CVE-2014-8140)
NVD - CVE-2014-8139 (https://nvd.nist.gov/vuln/detail/CVE-2014-8139)
Date | 2023-09-07 |
Product | RCP and HIL Software |
Information Type | Patches |
Information Category | Troubleshooting |
dSPACE Release | 2022-A |
Drive innovation forward. Always on the pulse of technology development.
Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.