Lucene search

K
ibmIBM4F8D39F3F464E5E9FD3000C317BC69CF4FEEE9F0605C69E62D810607C6BB87CD
HistoryMar 18, 2021 - 11:22 p.m.

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

2021-03-1823:22:56
www.ibm.com
26
ibm voice gateway
node.js
security vulnerabilities
openssl
denial of service

EPSS

0.008

Percentile

82.3%

Summary

Security Vulnerabilities in Node.js affect IBM Voice Gateway.

Vulnerability Details

CVEID:CVE-2021-23840
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Voice Gateway 1.0.7
Voice Gateway 1.0.6
Voice Gateway 1.0.5
Voice Gateway 1.0.4
Voice Gateway 1.0.3
Voice Gateway 1.0.2.4
Voice Gateway 1.0.2

Remediation/Fixes

Upgrade to IBM Voice Gateway 1.0.7.1

Workarounds and Mitigations

None