Intel® Integrated Performance Primitives
Community support and discussions relating to developing high-performance vision, signal, security, and storage applications.
6633 Discussions

Information on DPD200259352 Regarding Vulnerability Report of IPP Crypt

jsethi
Beginner
103 Views
IPP v7.0 update 6 contains thefollowing fix:

DPD200259352 Regarding Vulnerability Report of IPP Crypt

I am working in an environment that implements the IPP library, and we are required by compliance regulations to assess all vulnerabilities that affect the environment. Is this a fix that addresses a vulnerability, or is it just related to reporting? If it does address a vulnerability, I have the following questions:

Are the details of the vulnerability public? Is it being exploited?
What is the exploit vector (MITM? remotely exploitable?)
What level of privileges are requried (none required, valid user required)?
0 Kudos
1 Reply
Chao_Y_Intel
Employee
103 Views

Hello,

Actually, the DPD200259352 includes the fixs on:

ippsRSASign_XXX_PKCSv15 handles very long message (msgLen>0x7FFFFFFF bytes). IPP 7.0.6 fixed the bug on such long message.

ippsRSAOAEPEncrypt_XXX function add check on the input parameter check on pLabel=0. When pLabel==0 && labelLen!=0, it is considered as bad parameters.

If these specific cases are not used in the application, it is not effected by that fix.

Thanks,
Chao

Reply