Jun 15, 2018 - 7:07 a.m.

Security Bulletin: IBM MQ Channel data conversion denial of service (CVE-2016-3013)

www.ibm.com

EPSS: 0.001 (percentile 30.5%)

Summary

When a Message Channel Agent removes a large message from a queue and applies data conversion to the message, the result could overflow the allocated buffer and cause the channel to end abnormally.

Vulnerability Details

CVEID: CVE-2016-3013
DESCRIPTION: IBM MQ could allow an authenticated user to crash the MQ channel due to improper data conversion handling.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114276 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM MQ V9.0

IBM MQ 9.0.0.0.

IBM MQ V8.0

IBM MQ 8.0.0.5 and earlier maintenance levels.

Remediation/Fixes

IBM MQ V9.0

Apply 9.0.0.1 maintenance level.

IBM MQ V8.0

Apply 8.0.0.6 maintenance level.
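
The version check implied by the Affected Products and Remediation sections, as an added shell example that is not part of IBM's bulletin. It assumes the installed level is read from the `Version:` line of `dspmqver` output; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an IBM MQ install against CVE-2016-3013 using only
# the version levels stated in the bulletin. Function names are hypothetical.

# Pull the V.R.M.F value from the "Version:" line of dspmqver-style output.
mq_version_from_dspmqver() {
    awk '$1 == "Version:" { print $2; exit }'
}

# Print "affected: apply <level>", "not affected", "not listed" or "invalid".
mq_cve_2016_3013_status() {
    ver=$1
    # Accept only digits separated by single dots, e.g. 8.0.0.5.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid"; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "invalid"; return 2; }
    case "$1.$2" in
        8.0)  # 8.0.0.5 and earlier maintenance levels are affected.
            if [ "$3" -eq 0 ] && [ "$4" -le 5 ]; then
                echo "affected: apply 8.0.0.6"
            else
                echo "not affected"
            fi ;;
        9.0)  # Only 9.0.0.0 is affected.
            if [ "$3" -eq 0 ] && [ "$4" -eq 0 ]; then
                echo "affected: apply 9.0.0.1"
            else
                echo "not affected"
            fi ;;
        *)  echo "not listed" ;;  # the bulletin makes no statement
    esac
}

# Constructed sample output (not captured from a real system).
sample_dspmqver='Name:        IBM MQ
Version:     8.0.0.5'

installed=$(printf '%s\n' "$sample_dspmqver" | mq_version_from_dspmqver)
echo "$installed -> $(mq_cve_2016_3013_status "$installed")"
```

On a real host, pipe the output of `dspmqver` into `mq_version_from_dspmqver` in place of the sample string.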

Workarounds and Mitigations

None.
