In the Splashtop version 3.6.4.0 release, we updated our OpenSSL library to version 3.0.12, effectively addressing the following CVEs with this crucial update.
CVEs fixed in Splashtop version 3.6.4.0:
| CVE | OpenSSL version that fixed the CVE | OpenSSL Severity | CVE Detail |
| CVE-2023-5363 | 3.0.12/3.1.4 | Medium | |
| CVE-2023-4807 | 3.0.11/3.1.3/1.1.1w | Low | |
| CVE-2023-3817 | 3.0.10/3.1.2/1.1.1v | Low | |
| CVE-2023-3446 | 3.0.10/3.1.2/1.1.1v | Low | |
| CVE-2023-2975 | 3.0.10/3.1.2 | Low | |
| CVE-2023-2650 | 3.0.9/3.1.1/1.1.1u | Medium | |
| CVE-2023-0465 | 3.0.9/3.1.1/1.1.1u | Low | |
| CVE-2023-1255 | 3.0.9/3.1.1 | Low | |
| CVE-2023-0466 | 3.0.9/3.1.1/1.1.1u | Low | |
| CVE-2023-0464 | 3.0.9/3.1.1/1.1.1u | Low |
To benefit from the resolved security enhancements, we strongly recommend all users to update their Splashtop software to the latest version. You can find detailed instructions for updating here:
How do I update the business app?
For CVEs that remain unresolved, we plan to incorporate the necessary fixes in upcoming versions. If you have any questions or concerns, please don't hesitate to reach out to our support team.