Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM844D4377DE7D11C183AEF7BEEBFF5150237624CCAE269BEC3996C7B05598840C
HistoryOct 07, 2022 - 8:52 p.m.

Security Bulletin: Multiple Vulnerabilities in base image packages

2022-10-0720:52:32
www.ibm.com
15
ibm voice gateway
vulnerabilities
base image packages
cve-2022-2526
cve-2022-1271
systemd
gnu gzip
security restriction bypass
upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

80.6%

JSON

Summary

Security Vulnerabilities in base image packages affect IBM Voice Gateway.

Vulnerability Details

CVEID:CVE-2022-2526
**DESCRIPTION:**systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in “resolved-dns-stream.c” not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235161 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-1271
**DESCRIPTION:**GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Voice Gateway 1.0.7
Voice Gateway 1.0.6
Voice Gateway 1.0.2.4
Voice Gateway 1.0.4
Voice Gateway 1.0.7.1
Voice Gateway 1.0.2
Voice Gateway 1.0.8
Voice Gateway 1.0.5
Voice Gateway 1.0.3
Voice Gateway 1.0.7
Voice Gateway 1.0.6
Voice Gateway 1.0.2.4
Voice Gateway 1.0.4
Voice Gateway 1.0.7.1
Voice Gateway 1.0.2
Voice Gateway 1.0.8
Voice Gateway 1.0.5
Voice Gateway 1.0.3

Remediation/Fixes

Upgrade to the following IBM Voice Gateway 1.0.8.x images

ibmcom/voice-gateway-mr:1.0.8.3
ibmcom/voice-gateway-so:1.0.8.3

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmibm_voice_gatewayMatchany
CPENameOperatorVersion
ibm voice gatewayeqany

Related

cloudfoundry 4
nessus 69
openvas 41
osv 16
cvelist 1
redhat 14
ubuntucve 2
redhatcve 1
ubuntu 5
ibm 3
f5 1
rocky 5
centos 2
cve 1
oraclelinux 6
nvd 1
prion 1
almalinux 4
veracode 2
redos 2
debiancve 2
amazon 2
fedora 3
slackware 2
freebsd 1
altlinux 1
suse 1
archlinux 1
zdi 1
debian 3
alpinelinux 1
cloudfoundry
cloudfoundry
USN-5583-1: systemd vulnerability | Cloud Foundry
2022-09-29 00:00:00
USN-5583-2: systemd regression | Cloud Foundry
2022-09-29 00:00:00
USN-5378-2: XZ Utils vulnerability | Cloud Foundry
2022-05-23 00:00:00
nessus
nessus
RHEL 8 : systemd (RHSA-2022:6206)
2022-08-30 00:00:00
AlmaLinux 8 : systemd (ALSA-2022:6206)
2022-09-07 00:00:00
Ubuntu 18.04 LTS : systemd regression (USN-5583-2)
2022-09-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5583-1)
2022-08-31 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-1698)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2022-2450)
2022-10-10 00:00:00
osv
osv
Important: systemd security update
2022-08-29 00:00:00
systemd vulnerability
2022-08-29 08:54:00
CVE-2022-2526
2022-09-09 15:15:10
cvelist
cvelist
CVE-2022-2526
2022-09-09 00:00:00
redhat
redhat
(RHSA-2022:6163) Important: systemd security update
2022-08-24 15:26:30
(RHSA-2022:6162) Important: systemd security update
2022-08-24 15:21:11
(RHSA-2022:6206) Important: systemd security update
2022-08-29 15:56:37
ubuntucve
ubuntucve
CVE-2022-2526
2022-08-24 00:00:00
CVE-2022-1271
2022-04-07 00:00:00
redhatcve
redhatcve
CVE-2022-2526
2022-08-19 13:38:44
ubuntu
ubuntu
systemd regression
2022-09-14 00:00:00
systemd vulnerability
2022-08-29 00:00:00
Gzip vulnerability
2022-04-13 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in systemd (CVE-2022-2526)
2023-03-31 16:54:28
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)
2023-01-12 21:59:00
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)
2023-02-01 15:46:50
f5
f5
K000132680 : systemd vulnerability CVE-2022-2526
2023-02-21 00:00:00
rocky
rocky
systemd security update
2022-08-29 15:56:37
xz security update
2022-06-13 07:15:31
gzip security update
2022-05-17 22:32:54
centos
centos
libgudev1, systemd security update
2022-09-01 22:04:07
xz security update
2022-08-02 19:22:54
cve
cve
CVE-2022-2526
2022-09-09 15:15:10
oraclelinux
oraclelinux
systemd security update
2022-08-25 00:00:00
systemd security update
2022-08-29 00:00:00
xz security update
2022-06-13 00:00:00
nvd
nvd
CVE-2022-2526
2022-09-09 15:15:10
prion
prion
Design/Logic Flaw
2022-09-09 15:15:00
almalinux
almalinux
Important: systemd security update
2022-08-29 00:00:00
Important: xz security update
2022-06-08 00:00:00
Important: xz security update
2022-06-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-05 22:31:55
Remote Code Execution
2022-04-10 10:33:43
redos
redos
ROS-20240403-04
2024-04-03 00:00:00
ROS-20220516-02
2022-05-16 00:00:00
debiancve
debiancve
CVE-2022-2526
2022-09-09 15:15:10
CVE-2022-1271
2022-08-31 16:15:09
amazon
amazon
Important: gzip, xz
2022-04-25 22:56:00
Important: gzip
2022-05-31 23:47:00
fedora
fedora
[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36
2022-05-02 19:43:52
[SECURITY] Fedora 35 Update: gzip-1.10-6.fc35
2022-04-20 19:13:37
[SECURITY] Fedora 35 Update: xz-5.2.5-9.fc35
2022-04-21 21:22:38
slackware
slackware
[slackware-security] gzip
2022-04-14 21:21:03
[slackware-security] xz
2022-04-14 21:21:34
freebsd
freebsd
zgrep -- arbitrary file write
2022-04-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gzip version 1.12-alt1
2022-04-11 00:00:00
suse
suse
Security update for xz (important)
2022-04-12 00:00:00
archlinux
archlinux
[ASA-202204-8] xz: arbitrary command execution
2022-04-07 00:00:00
zdi
zdi
Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability
2022-04-12 00:00:00
debian
debian
[SECURITY] [DSA 5123-1] xz-utils security update
2022-04-18 19:36:12
[SECURITY] [DSA 5122-1] gzip security update
2022-04-18 19:31:16
[SECURITY] [DLA 2976-1] gzip security update
2022-04-10 13:01:05
alpinelinux
alpinelinux
CVE-2022-1271
2022-08-31 16:15:09

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for 844D4377DE7D11C183AEF7BEEBFF5150237624CCAE269BEC3996C7B05598840C
cloudfoundry4nessus69openvas41osv16cvelist1redhat14ubuntucve2redhatcve1ubuntu5ibm3f51rocky5centos2cve1oraclelinux6nvd1prion1almalinux4veracode2redos2debiancve2amazon2fedora3slackware2freebsd1altlinux1suse1archlinux1zdi1debian3alpinelinux1