STM32CubeProgrammer - OpenSSL vulnerabilities

Forum|Forum|1 year ago
September 3, 2024
1 reply
904 views

It has vulnerability on OpenSSL - running on 3.1.2 , latest version online is 3.1.6 (LTS -3.0)

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\updater\libcrypto-3.dll

CVE-2023-4807 CVSS 7.8

we kindly request that you prioritize releasing an update to address these vulnerabilities as soon as possible

STM32CubeProgrammer

Amine_Jridi

Technical Moderator

Hello @RyanSkyports,

The OpenSSL version you mentioned is the one used in the updater.

Currently CubeProgrammer v2.16 and v2.17 both use OpenSSL v1.1.1:

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\bin\libcrypto-1_1-x64.dll

There is already a request to upgrade to the latest version.

Internal ticket number: 175640 (This is an internal tracking number and is not accessible or usable by customers).

Thanks,

Amine.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\updater\libcrypto-3.dll

CVE-2023-4807 CVSS 7.8

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\bin\libcrypto-1_1-x64.dll

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded