Jan 17, 2020 - 4:59 p.m.

Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK Python (January 2020 Bulletin)

2020-01-17 16:59:43
www.ibm.com
CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

Security vulnerability affects IBM Cloud Object Storage SDK Python. The vulnerability has been addressed in the latest SDK 2.6.0 release.

Vulnerability Details

CVE-ID: CVE-2019-18874
Description: psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/171612 for more information
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| COS SDK Python | Prior to 2.6.0 |

Remediation/Fixes

| IBM COS SDK Releases | Link to Fix / Fix Availability Target |
| --- | --- |
| COS SDK Python 2.6.0 | <https://github.com/IBM/ibm-cos-sdk-python/tree/2.6.0> |
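
To check a Python environment against the two version ranges this bulletin states (COS SDK Python prior to 2.6.0, psutil through 5.6.5), the following added example scans `pip freeze` style lines for affected pins. It is not IBM's code; the PyPI distribution names `ibm-cos-sdk` and `psutil` and the sample input are assumptions made for illustration.

```python
import re

# Affected ranges taken from the bulletin text.
# Distribution names are assumed to be the PyPI names "ibm-cos-sdk" and "psutil".
RULES = {
    "ibm-cos-sdk": ("<", (2, 6, 0)),   # "Prior to 2.6.0"
    "psutil": ("<=", (5, 6, 5)),       # "through 5.6.5" (CVE-2019-18874)
}

def normalize(name):
    """PEP 503 name normalization so 'IBM_COS_SDK' matches 'ibm-cos-sdk'."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def release_tuple(version):
    """Leading numeric release segment, padded to 3 parts: '2.6' -> (2, 6, 0).
    Pre-release suffixes (e.g. 'rc1') are ignored, so review such pins by hand."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def affected(freeze_lines):
    """Return [(name, version, matched_range)] for pins inside an affected range."""
    findings = []
    for line in freeze_lines:
        # Drop trailing comments and environment markers before parsing.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "==" not in line:
            continue  # unpinned, editable, or blank lines cannot be judged here
        name, version = (part.strip() for part in line.split("==", 1))
        rule = RULES.get(normalize(name))
        if rule is None:
            continue
        op, bound = rule
        ver = release_tuple(version)
        if (ver < bound) if op == "<" else (ver <= bound):
            bound_text = ".".join(str(n) for n in bound)
            findings.append((normalize(name), version, f"{op} {bound_text}"))
    return findings

# Constructed sample input in `pip freeze` format (not from the bulletin).
SAMPLE = ["ibm-cos-sdk==2.5.4", "psutil==5.6.5", "requests==2.22.0",
          "IBM_COS_SDK==2.6.0", "psutil==5.6.6  # patched"]

if __name__ == "__main__":
    for name, version, matched in affected(SAMPLE):
        print(f"AFFECTED {name} {version} (matches {matched})")
```

Feed it the output of `pip freeze` or a pinned requirements file; lines without an exact `==` pin are skipped and need a manual check.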

Workarounds and Mitigations

| IBM COS SDK Releases | Link to Fix / Fix Availability Target |
| --- | --- |
| COS SDK Python 2.6.0 | <https://github.com/IBM/ibm-cos-sdk-python/tree/2.6.0> |

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm cloud object storage system | eq | 2.6.0 |
