SB2025111723 - Multiple vulnerabilities in IBM Storage Virtualize

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025111723

SB2025111723 - Multiple vulnerabilities in IBM Storage Virtualize

Published: November 17, 2025

Security Bulletin ID SB2025111723
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 43% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2025-5318)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.


2) Integer overflow (CVE-ID: CVE-2025-47268)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow within the ping command when handling ICMP Echo Reply packets. A remote attacker can trick the victim to ping a malicious server, trigger an integer overflow and crash the application. 


3) Off-by-one (CVE-ID: CVE-2024-52533)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Integer overflow (CVE-ID: CVE-2025-4373)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Resource exhaustion (CVE-ID: CVE-2024-12133)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Integer overflow (CVE-ID: CVE-2025-48964)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in ping. A remote attacker can send a specially crafted ICMP Echo Reply packet to trigger an integer overflow and crash the application.


7) Resource exhaustion (CVE-ID: CVE-2024-12243)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to libtasn1 does not properly control consumption of internal resources when decoding certain DER-encoded certificate data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References