SB2023110307 - Multiple vulnerabilities in IBM MQ Operator and Queue manager container images 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023110307

SB2023110307 - Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Published: November 3, 2023 Updated: March 7, 2025

Security Bulletin ID SB2023110307
Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 11% Medium 44% Low 44%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-4813)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.



2) Buffer overflow (CVE-ID: CVE-2023-29491)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.



3) Use-after-free (CVE-ID: CVE-2023-4806)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.



4) Resource exhaustion (CVE-ID: CVE-2023-45177)

The vulnerability allows a remote logic to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote logic can trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2023-4527)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the getaddrinfo() function called with the AF_UNSPEC address family. A remote attacker with control over DNS server can send a DNS response via TCP larger than 2048 bytes, trigger an out-of-bounds read and crash the application or gain access to potentially sensitive information.

Successful exploitation of the vulnerability requires that system is configured with no-aaaa mode via /etc/resolv.conf.




6) Uncontrolled Memory Allocation (CVE-ID: CVE-2020-8552)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Kubernetes API server component due to improper allocation of memory. A remote attacker can send a specially crafted API request and cause a denial of service condition on the target system.


7) Heap-based buffer overflow (CVE-ID: CVE-2023-38545)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).


8) External control of file name or path (CVE-ID: CVE-2023-38546)

The vulnerability allows an attacker to inject arbitrary cookies into request.

The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl.

9) Buffer overflow (CVE-ID: CVE-2023-4911)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of GLIBC_TUNABLES environment variable. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References