JVNVU#98954443
Multiple vulnerabilities in Edgecross Basic Software for Windows
Overview
Edgecross Basic Software for Windows contains multiple vulnerabilities.
Products Affected
CVE-2023-0286
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.10 to 1.28
- Edgecross Basic Software for Developers ECP-BS1-W-D versions from 1.10 to 1.28
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.00 to 1.28
- Edgecross Basic Software for Developers ECP-BS1-W-D versions from 1.00 to 1.28
- Edgecross Basic Software for Windows ECP-BS1-W versions from 1.20 to 1.28
- Edgecross Basic Software for Developers ECP-BS1-W-D versions from 1.20 to 1.28
Description
Edgecross Basic Software for Windows provided by Edgecross Consortium contains third-party components.
Edgecross Basic Software for Windows is affected by vulnerabilities that exist in the components listed below.
- CVE-2023-0286, CVE-2022-4304 (OpenSSL)
- CVE-2018-25032 (zlib)
Impact
Exporting specially crafted configuration files or sending specially crafted packets may lead to a denial-of-service (DoS) condition or information disclosure.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Apply the Workaround
If users cannot update the software to the latest version immediately, apply the workarounds according to the information provided by the developer.
Vendor Status
Vendor | Link |
Edgecross Consortium | Denial of service (DoS) and information leak vulnerability in Edgecross basic software for Windows |
References
- OpenSSL Security Advisory [7th February 2023]: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
- madler/zlib · GitHub: CVE-2018-25032 (zlib memory corruption on deflate) #605
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Edgecross Consortium reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.