Mar 14, 2024 - 8:34 p.m.

Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.

2024-03-14 20:34:33
Source: www.ibm.com
Tags: ibm informix, vulnerabilities, heap buffer overflow, archecker, cdr, onsmsync, segmentation fault, bounds checking, execution of arbitrary code, dynamic server, cloud pak for data, remediation, upgrades

CVSS3: 8.4 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

Summary

IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters.

Vulnerability Details

CVEID: CVE-2023-28527
**DESCRIPTION:** IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251206 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-28526
**DESCRIPTION:** IBM Informix archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251204 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-28523
**DESCRIPTION:** IBM Informix onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Informix Dynamic Server | 12.10 |
| IBM Informix Dynamic Server | 14.10 |
| IBM Informix Dynamic Server on Cloud Pak for Data | All |

Remediation/Fixes

Update to IBM Informix Dynamic Server 14.10.FC10W1.

Update to IBM Informix Dynamic Server 12.10.FC16W1.

For IBM Informix Dynamic Server on Cloud Pak for Data, update to CP4D 4.7.2 or later.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm informix (match 14.10) OR ibm informix (match 4.7)
