IPP v7.0 update 6 contains the following fix:
DPD200259352 Regarding Vulnerability Report of IPP Crypt
I am working in an environment that implements the IPP library, and we are required by compliance regulations to assess all vulnerabilities that affect the environment. Is this a fix that addresses a vulnerability, or is it just related to reporting? If it does address a vulnerability, I have the following questions:
Are the details of the vulnerability public? Is it being exploited?
What is the exploit vector (MITM? remotely exploitable?)?
What level of privileges are required (none required, valid user required)?
1 Reply
Hello,
Actually, DPD200259352 includes the following fixes:
ippsRSASign_XXX_PKCSv15 handles very long messages (msgLen>0x7FFFFFFF bytes). IPP 7.0.6 fixed the bug on such long messages.
The ippsRSAOAEPEncrypt_XXX function adds a check on the input parameter pLabel=0. When pLabel==0 && labelLen!=0, it is considered as bad parameters.
If these specific cases are not used in the application, it is not affected by that fix.
Thanks,
Chao