IBM85A4BD3661E1BA8A6492D0E015FA3D08BDC14861EA2056E757FBC1079FC9E2E9Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to cURL libcurl denial of service vulnerability( CVE-2023-23916)
0.001 Low
EPSS
Percentile
39.0%
Summary
Potential cURL libcurl denial of service vulnerability( CVE-2023-23916) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.
Vulnerability Details
CVEID:CVE-2023-23916
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause memory errors, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Assistant for IBM Cloud Pak for Data | 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.5.1, 4.5.3, 4.6. 4.6.2, 4.6.3 |
Remediation/Fixes
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.
| Product Latest Version | Remediation/Fix/Instructions |
|---|---|
| IBM Watson Assistant for IBM Cloud Pak for Data 4.7.0 |
Follow instructions for Installing Watson Assistant in Link to Release (v4.7.0 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
39.0%