Lucene search

K
ibmIBMB3078CC20AA0193DE0BA1F24BF600DB307BF3971A7F9CDE1170DAADE21278824
HistoryMay 03, 2021 - 3:03 p.m.

Security Bulletin: Netty security vulnerabilities with ZlibDecoders on IBM Watson Machine Learning Server

2021-05-0315:03:44
www.ibm.com
28
netty
zlibdecoders
ibm watson

EPSS

0.008

Percentile

81.8%

Summary

Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders on IBM Watson Machine Learning Server

Vulnerability Details

CVEID:CVE-2020-11612
**DESCRIPTION:**Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded byte stream, a remote attacker could exploit this vulnerability to exhaust memory resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Machine Learning Server on-prem 2.0.0

Remediation/Fixes

Fix is available on WMLServer 2.0.0.1 release .
Download WMLS from Passport Advantage: <https://www.ibm.com/support/pages/passport-advantage-and-passport-advantage-express&gt;

Workarounds and Mitigations

None

EPSS

0.008

Percentile

81.8%