Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue.
CVEID:CVE-2024-2398
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM CICS TX Advanced | 10.1 |
IBM strongly recommends addressing the vulnerabilities now by upgrading IBM CICS TX Advanced.
Product | Version | Platform | Remediation/Fix |
---|---|---|---|
IBM CICS TX Advanced |
10.1
| Linux|
Download the upgrade from Fix Central
None
CPE | Name | Operator | Version |
---|---|---|---|
cics tx advanced | eq | 10.1 |