Security Bulletin: A vulnerability in libcURL affect IBM Rational ClearCase.

Summary

libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-23916

Vulnerability Details

CVEID:CVE-2023-23916
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause memory errors, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

Apply a fix pack as listed in the table below.

Affected Versions

|

Applying the fix

—|—
9.1 through 9.1.0.4| Install Rational ClearCase Fix Pack 5 (9.1.0.5) for 9.1
9.0.2 through 9.0.2.7| Install Rational ClearCase Fix Pack 8 (9.0.2.8) for 9.0.2

For 9.0.2.X and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

_For 10.0.0.x releases, IBM recommends upgrading to 10.0.1.x release. _

Workarounds and Mitigations

None