IBM425EA361D15259AED82E2EF76F5074ADA39682346181901C4F0E0065FFEE61BFSecurity Bulletin: IBM MQ Appliance is affected by a GNU C library (glibc) vulnerability (CVE-2017-8804)
0.012 Low
EPSS
Percentile
85.1%
Summary
IBM MQ Appliance has addressed a vulnerability in GNU C library (glibc).
Vulnerability Details
CVEID:CVE-2017-8804
**DESCRIPTION:*glibc is vulnerable to a denial of service, caused by improper handling of buffer deserialization in the xdr_bytes and xdr_string functions. By sending a specially-crafted UDP packet, a remote attacker could exploit this vulnerability to cause virtual memory allocation, or memory consumption on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125760 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.7
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates between 9.0.1 and 9.0.3
Remediation/Fixes
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.8
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Apply Continuous Delivery Release 9.0.4
Workarounds and Mitigations
None
Related
0.012 Low
EPSS
Percentile
85.1%