HeidiSQL 12.6.0.6765 OpenSSL 3.1.3 vulnerability #1905

Closed
AScott-WWF opened this issue Feb 5, 2024 · 0 comments

Preconditions

  • HeidiSQL version: 12.6.0.6765
  • Database type and version: unknown
  • OS: Windows 10 x64

Describe the bug
We have become aware that HeidiSQL v12.6 contains the following OpenSSL v3.1.3 DLLs (in their default install location), which are vulnerable to a number of existing CVEs (1 Moderate severity and 4 Low severity):

  • c:\program files\heidisql\libcrypto-3-x64.dll
  • c:\program files\heidisql\libssl-3-x64.dll

N.B. These issues have been resolved in the latest OpenSSL release v3.1.5 (Released January 30th 2024).

This is similar to #1841

List of vulnerabilities fixed in OpenSSL v3.1.x: https://www.openssl.org/news/vulnerabilities-3.1.html
OpenSSL downloads available from here: https://www.openssl.org/source/

To Reproduce
n/a

Screenshots or Crash reports
n/a

Thanks in advance for your consideration
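
An added example, not part of the original issue or the HeidiSQL project: one way to check which OpenSSL build the two DLLs named above were compiled from, by reading the version banner that OpenSSL builds embed in the binary and comparing it with the 3.1.5 release the report cites. The function names and status labels are hypothetical, and the sketch assumes the banner appears as plain ASCII; a file without one is reported as "unknown" instead of being treated as patched.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 1, 5)  # release the issue cites as resolving the CVEs
DLL_NAMES = ("libcrypto-3-x64.dll", "libssl-3-x64.dll")  # files named in the issue
# Banner format assumed here: b"OpenSSL <major>.<minor>.<patch> <day> <Mon> <year>"
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+) \d{1,2} [A-Z][a-z]{2} \d{4}")


def embedded_version(data):
    """Return (major, minor, patch) from the first banner found, else None."""
    match = BANNER.search(data)
    return tuple(int(g) for g in match.groups()) if match else None


def classify(version):
    """Compare a version tuple against FIXED, for the 3.1 branch only."""
    if version is None:
        return "unknown"        # no banner found: needs a manual check
    if version[:2] != FIXED[:2]:
        return "other-branch"   # the issue only gives a fixed release for 3.1.x
    return "outdated" if version < FIXED else "ok"


def scan_install_dir(root):
    """Map each expected DLL name to (version, status) for one install dir."""
    results = {}
    for name in DLL_NAMES:
        path = Path(root) / name
        if not path.is_file():
            results[name] = (None, "missing")
            continue
        version = embedded_version(path.read_bytes())
        results[name] = (version, classify(version))
    return results


if __name__ == "__main__":
    # Default is the install location given in the issue.
    root = sys.argv[1] if len(sys.argv) > 1 else r"c:\program files\heidisql"
    for name, (version, status) in scan_install_dir(root).items():
        shown = ".".join(map(str, version)) if version else "-"
        print(f"{name}: {shown} {status}")
```

An "unknown" result is expected for any file that does not carry the banner, so confirm those through the file's version properties.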
