Lucene search

K
ibmIBM65BFBB92F73C8EE43BF2F02AA8B8FDD9A9B09D77EDA21F4851A2DFF2CE329B40
HistoryMay 24, 2024 - 2:17 p.m.

Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1

2024-05-2414:17:21
www.ibm.com
2
ibm
cics tx advanced
curl package
vulnerability
denial of service
memory leak
http/2
server push

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

Summary

Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue.

Vulnerability Details

CVEID:CVE-2024-2398
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM CICS TX Advanced 10.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading IBM CICS TX Advanced.

Product Version Platform Remediation/Fix
IBM CICS TX Advanced

10.1

| Linux|

Download the upgrade from Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcics_txMatch10.1
CPENameOperatorVersion
cics tx advancedeq10.1

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%