OpenSSL 3.1.4.0 vulnerability detection Microsoft Defender GIMP 2.10.36
Environment/Versions
- GIMP version: GIMP 2.10.36
- Package: gimp-2.10.36-setup.exe
- Operating System: Windows 10 Pro x64 64-bit winver 19045.3693
Description of the bug
Microsoft Defender detects OpenSSL 3.1.4.0 as vulnerable to CVE-2023-5678 (CVSS 3.7, CVSS Version 3). The files detected are the following four:
- c:\program files\gimp 2\bin\libcrypto-3-x64.dll
- c:\program files\gimp 2\bin\libssl-3-x64.dll
- c:\program files\gimp 2\32\bin\libcrypto-3.dll
- c:\program files\gimp 2\32\bin\libssl-3.dll
Reproduction steps: Checking the files, they are in fact 3.1.4.0. CVE-2023-5678 vulnerable versions: OpenSSL versions 3.1.0 (including) up to 3.1.5 (excluding).
Expected result: version 3.1.5
See https://www.openssl.org/news/vulnerabilities.html
Fixed in OpenSSL 3.1.5 (git commit) (Affected since 3.1.0)
Git commit: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
Action Result: version 3.1.4 detected. Upgrade .dlls to 3.1.5.
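
The check described in the report, as an added example (not part of the original report and not GIMP or OpenSSL project code): a PowerShell inventory of the bundled OpenSSL DLLs that flags any whose file version falls in the range the report gives, 3.1.0 (inclusive) up to 3.1.5 (exclusive). The install root, the function name `Test-OpenSslAffected` and the status labels are assumptions made for the example.

```powershell
# Assumption: default install root taken from the paths in the report.
$GimpRoot = 'C:\Program Files\GIMP 2'

# Affected range as stated in the report: 3.1.0 (inclusive) to 3.1.5 (exclusive).
$AffectedFrom = [version]'3.1.0'
$FixedIn      = [version]'3.1.5'

function Test-OpenSslAffected {
    # Hypothetical helper: returns $true / $false, or $null if the version is unreadable.
    param([string]$FileVersion)
    # File versions look like "3.1.4.0"; compare on major.minor.patch only.
    if ($FileVersion -notmatch '^(\d+)\.(\d+)\.(\d+)') { return $null }
    $v = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
    return ($v -ge $AffectedFrom -and $v -lt $FixedIn)
}

# Covers both the 64-bit (bin) and 32-bit (32\bin) copies named in the report.
Get-ChildItem -Path $GimpRoot -Recurse -File `
        -Include 'libcrypto-3*.dll', 'libssl-3*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fileVersion = $_.VersionInfo.FileVersion
        $affected    = Test-OpenSslAffected -FileVersion $fileVersion
        $status = if ($null -eq $affected) { 'unknown' }
                  elseif ($affected)       { 'AFFECTED' }
                  else                     { 'ok' }
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $fileVersion
            Status      = $status
        }
    } |
    Sort-Object Path |
    Format-Table -AutoSize
```

Running it again after replacing the DLLs confirms that all four copies report 3.1.5 or later; a row marked `unknown` means the file carries no readable version resource and has to be checked another way.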