FAQs
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

STM32CubeProgrammer - OpenSSL vulnerabilities

RyanSkyports
Associate

‎2024-09-03 2:56 AM

It has vulnerability on OpenSSL - running on 3.1.2 , latest version online is 3.1.6 (LTS -3.0)
 

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\updater\libcrypto-3.dll

 

CVE-2023-4807 CVSS 7.8

we kindly request that you prioritize releasing an update to address these vulnerabilities as soon as possible

 
Labels:
Screenshot 2024-09-03 104930.png
Preview file
136 KB
0 Kudos
1 REPLY 1
Amine_Jridi
ST Employee

‎2024-10-09 8:47 AM

Hello @RyanSkyports,

The OpenSSL version you mentioned is the one used in the updater.

Currently CubeProgrammer v2.16 and v2.17 both use OpenSSL v1.1.1:

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\bin\libcrypto-1_1-x64.dll

There is already a request to upgrade to the latest version. 

Internal ticket number: 175640 (This is an internal tracking number and is not accessible or usable by customers).

Thanks,

Amine.


In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
Related Content
Top