Lucene search
IBM0FEE68E7447C483B38E1FACBCBFA36698F225938DE55B5467A388604C6E0FF46HistoryOct 02, 2023 - 1:50 p.m.
Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)
2023-10-0213:50:14
www.ibm.com
21
operations dashboard
denial of service
vulnerability
golang go
cve-2023-24534
memory exhaustion
http
mime header
ibm cloud pak
upgrade
0.002 Low
EPSS
Percentile
59.5%
Summary
Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534) with details below.
Vulnerability Details
CVEID:CVE-2023-24534
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by an memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Operations Dashboard | 2021.1.1 |
| 2021.2.1 | |
| 2021.3.1 | |
| 2021.4.1 | |
| 2022.2.1 |
Remediation/Fixes
Operations Dashboard in IBM Cloud Pak for Integration
Upgrade Operations Dashboard to 2022.2.1-11-lts using the Operator upgrade process described in the IBM Documentation
<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2022.2?topic=capabilities-upgrading-integration-tracing>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| operations dashboard | eq | 2021.1.12021.2.12021.3.12021.4.12022.2.1 |
Related
nessus
nessus
Amazon Linux 2 : golang (ALAS-2023-2037)
2023-05-17 00:00:00
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2314)
2023-07-09 00:00:00
RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)
2024-04-28 00:00:00
cve
cve
CVE-2023-24534
2023-04-06 16:15:07
redhatcve
redhatcve
CVE-2023-24534
2023-04-04 20:43:18
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2023-24534)
2023-07-27 17:34:21
cvelist
cvelist
CVE-2023-24534 Excessive memory allocation in net/http and net/textproto
2023-04-06 15:50:45
veracode
veracode
Denial Of Service (DoS)
2023-04-11 23:43:20
Denial Of Service (DoS)
2023-04-18 10:56:33
debiancve
debiancve
CVE-2023-24534
2023-04-06 16:15:07
amazon
amazon
Important: golang
2023-05-11 17:49:00
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
cgr
cgr
CVE-2023-24534 vulnerabilities
2024-05-19 03:07:16
prion
prion
Design/Logic Flaw
2023-04-06 16:15:00
alpinelinux
alpinelinux
CVE-2023-24534
2023-04-06 16:15:07
cbl_mariner
cbl_mariner
CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1
2024-06-01 15:23:42
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
2024-06-01 15:23:42
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
2024-06-01 15:23:35
ubuntucve
ubuntucve
CVE-2023-24534
2023-04-06 00:00:00
osv
osv
Excessive memory allocation in net/http and net/textproto
2023-04-05 21:04:28
CVE-2023-24534
2023-04-06 16:15:07
BIT-golang-2023-24534
2024-03-06 10:57:03
wolfi
wolfi
CVE-2023-24534 vulnerabilities
2024-06-01 15:24:07
freebsd
freebsd
traefik -- Use of vulnerable Go modules net/http, net/textproto
2023-03-10 00:00:00
go -- multiple vulnerabilities
2023-04-04 00:00:00
github
github
Traefik HTTP header parsing could cause a denial of service
2023-04-11 20:59:22
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2314)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2334)
2023-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1792-1)
2023-04-07 00:00:00
redhat
redhat
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.8-alt1
2023-04-10 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-04-15 22:03:44
ubuntu
ubuntu
Go vulnerabilities
2023-06-06 00:00:00
Go vulnerabilities
2024-01-09 00:00:00
Go vulnerabilities
2023-04-25 00:00:00
almalinux
almalinux
Moderate: grafana security and enhancement update
2023-11-07 00:00:00
Moderate: toolbox security and bug fix update
2023-11-07 00:00:00
Moderate: containernetworking-plugins security and bug fix update
2023-11-07 00:00:00
oraclelinux
oraclelinux
grafana security and enhancement update
2023-11-11 00:00:00
containernetworking-plugins security and bug fix update
2023-11-11 00:00:00
skopeo security update
2023-11-11 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0037
2023-06-23 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0043
2023-07-04 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00
0.002 Low
EPSS
Percentile
59.5%
Related for 0FEE68E7447C483B38E1FACBCBFA36698F225938DE55B5467A388604C6E0FF46