A problem within the libcurl library means certain file URLs could cause a buffer overwrite within IBM MQ.
CVEID: CVE-2017-9502**
DESCRIPTION:** libcurl is vulnerable to a heap-based buffer overflow, caused by a flaw in the file protocol. By sending a specially-crafted file URL, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privilege.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM MQ V9 LTS
IBM MQ V9 CD
IBM MQ V9 LTS
IBM MQ V9 CD
None.