
STM32CubeProgrammer - OpenSSL vulnerabilities

RyanSkyports
Associate
It has a vulnerability in OpenSSL - running on 3.1.2, latest version online is 3.1.6 (LTS - 3.0)
 

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\updater\libcrypto-3.dll

 

CVE-2023-4807 CVSS 7.8

We kindly request that you prioritize releasing an update to address these vulnerabilities as soon as possible.

 
Amine_Jridi
ST Employee

Hello @RyanSkyports,

The OpenSSL version you mentioned is the one used in the updater.

Currently CubeProgrammer v2.16 and v2.17 both use OpenSSL v1.1.1:

c:\program files\stmicroelectronics\stm32cube\stm32cubeprogrammer\bin\libcrypto-1_1-x64.dll

There is already a request to upgrade to the latest version. 

Internal ticket number: 175640 (This is an internal tracking number and is not accessible or usable by customers).

Thanks,

Amine.


In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
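
The thread shows one installation carrying two separate OpenSSL copies (`updater\libcrypto-3.dll` and `bin\libcrypto-1_1-x64.dll`). The following PowerShell inventory is an added example, not code from ST or from either poster; it lists every bundled OpenSSL DLL under the install root with its embedded version. The `$Minimum` baseline table is an assumption to adjust to your own patch policy (3.1.6 is the version the question names as latest).

```powershell
param(
    # Install root taken from the paths quoted in the thread.
    [string]$Root = 'C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer',
    # Assumption: minimum acceptable version per numeric branch (major.minor).
    [hashtable]$Minimum = @{ '3.1' = [version]'3.1.6' }
)

$results = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue `
        -Include 'libcrypto*.dll', 'libssl*.dll' |
    ForEach-Object {
        # Version strings embedded in the DLL's resource section.
        $info = $_.VersionInfo
        $raw  = $info.ProductVersion
        if (-not $raw) { $raw = $info.FileVersion }

        $branch = $null
        $status = 'review manually'   # default when no baseline applies

        if ($raw -match '^(\d+)\.(\d+)\.(\d+)') {
            $ver    = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
            $branch = '{0}.{1}' -f $ver.Major, $ver.Minor
            # 1.1.1 releases are distinguished by a letter suffix, so they are
            # not ranked numerically here and stay 'review manually'.
            if ($Minimum.ContainsKey($branch)) {
                $status = if ($ver -lt $Minimum[$branch]) { 'below baseline' } else { 'ok' }
            }
        }

        [pscustomobject]@{
            Path    = $_.FullName
            Version = $raw
            Branch  = $branch
            Status  = $status
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

if (-not $results) {
    Write-Warning "No OpenSSL DLLs found under $Root"
} else {
    $results | Sort-Object Path | Format-List
}
```

Running it against the same root after each product update shows which component (updater or main binary) actually received a new OpenSSL build, since the two copies are versioned independently.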