Lucene search

IBMC782E28D921E60ACB8E9DA8D4E896C767C63812207127F74F0A2911E51EF5864

HistoryJan 04, 2021 - 2:36 p.m.

Security Bulletin: Vulnerability in PCRE affects IBM Netezza SQL Extensions Toolkit

2021-01-0414:36:49

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

PCRE is used by IBM Netezza SQL Extensions Toolkit. IBM Netezza SQL Extensions Toolkit has addressed the applicable CVE by upgrading PCRE to latest version 8.44.

Vulnerability Details

CVEID:CVE-2020-14155
**DESCRIPTION:**PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Netezza SQL Extensions Toolkit	7.2.1.8 and below

Remediation/Fixes

Product	VRMF	Remediation/First Fix
IBM Netezza SQL Extensions Toolkit	7.2.1.10	Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm puredata systemeqany

CPE	Name	Operator	Version
	ibm puredata system	eq	any

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for C782E28D921E60ACB8E9DA8D4E896C767C63812207127F74F0A2911E51EF5864