IBMFB5AE35CB068B603952091743C03AFE3EF5A311E85425A9C776A1F4DFEA7442BSecurity Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1
Summary
CVE-2023-24593, CVE-2023-25180 may affect Ubuntu Operating System packages shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced 10.1 has addressed the applicable CVEs.
Vulnerability Details
CVEID:CVE-2023-24593
**DESCRIPTION:**GNOME GLib is vulnerable to a denial of service, caused by a flaw when handling a malicious text-form variant. By sending a specially crafted input, a local attacker could exploit this vulnerability to cause looping superlinear to its text size, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251339 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-25180
**DESCRIPTION:**GNOME GLib is vulnerable to a denial of service, caused by a flaw when handling a malicious serialised variant. By sending a specially crafted input, a local attacker could exploit this vulnerability to cause allocations or looping superlinear to its serialised size, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251344 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 10.1 |
Remediation/Fixes
| Product | Version | Platform | Remediation / Fix |
|---|---|---|---|
| IBM CICS TX Advanced |
10.1
| Linux| Fix Central Link
Workarounds and Mitigations
None
Related
