CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 10 High (Confidence: High)
EPSS: 0.009 Low (Percentile: 83.1%)
libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. [CVE-2023-38039, CVE-2023-38545]
CVEID: CVE-2023-38039
**DESCRIPTION:** cURL libcurl is vulnerable to a denial of service, caused by not limiting the number and size of headers accepted in a response. By sending a specially crafted request, a remote attacker could exploit this vulnerability to make the application run out of heap memory, resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265946 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-38545
**DESCRIPTION:** libcurl and cURL are vulnerable to a heap-based buffer overflow, caused by the improper handling of hostnames longer than 255 bytes during a slow SOCKS5 proxy handshake. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268045 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Rational ClearCase | 10.0.1 |
IBM Rational ClearCase | 9.1 |
Apply a fix pack as listed in the table below. The fix pack included libcURL 8.1.2 with CVE fixes.
Affected Versions | Applying the fix |
---|---|
9.1 through 9.1.0.5 | Install Rational ClearCase Fix Pack 6 (9.1.0.6) for 9.1 |
10.0.1 | Install Rational ClearCase Fix Pack 1 (10.0.1.1) for 10.0.1 |
For 9.0.2.X and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
_For 10.0.0.x releases, IBM recommends upgrading to 10.0.1.x release._
None