CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High
RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-2961.
CVEID:CVE-2024-2961
**DESCRIPTION:**GNU C Library is vulnerable to a denial of service, caused by an out-of-bounds write flaw in the iconv() function when converting strings to the ISO-2022-CN-EXT character set. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause the application to crash or overwrite a neighbouring variable.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287843 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Ceph | 7.0-7.0z2 |
IBM Storage Ceph | 6.0, 6.1-6.1z5 |
IBM Storage Ceph | 5.3z1-z6 |
IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 7.1 by following instructions.
<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/>
<https://www.ibm.com/docs/en/storage-ceph/7?topic=upgrading>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_ceph | 7.0 | cpe:2.3:a:ibm:storage_ceph:7.0:*:*:*:*:*:*:* |
ibm | storage_ceph | 2 | cpe:2.3:a:ibm:storage_ceph:2:*:*:*:*:*:*:* |
ibm | storage_ceph | 6.0 | cpe:2.3:a:ibm:storage_ceph:6.0:*:*:*:*:*:*:* |
ibm | storage_ceph | 6.1 | cpe:2.3:a:ibm:storage_ceph:6.1:*:*:*:*:*:*:* |
ibm | storage_ceph | 5 | cpe:2.3:a:ibm:storage_ceph:5:*:*:*:*:*:*:* |
ibm | storage_ceph | 5.3 | cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:* |
ibm | storage_ceph | 1 | cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:* |
ibm | storage_ceph | 6 | cpe:2.3:a:ibm:storage_ceph:6:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High