IBM Connections Docs uses zlib in its conversion service. zlib is vulnerable to a denial of service caused by out-of-bounds pointer arithmetic in inftrees.c, an undefined left shift of negative numbers, or a big-endian out-of-bounds pointer.
CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s):
Affected Products | Affected Version |
IBM Connections Docs | 2.0.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2irFrzU
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv
The post IBM Security Bulletin: IBM Connections Docs is vulnerable to a denial of service (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2jxKiMs