When an Message Channel Agent removes a large message from a queue and applies data conversion to the message, the result could overflow the allocated buffer and cause the channel to end abnormally.
CVE(s): CVE-2016-3013
Affected product(s) and affected version(s):
IBM WebSphere MQ V8.0
IBM WebSphere MQ 8.0.0.5 and earlier maintenance levels.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2liLkxZ
X-Force Database: http://ift.tt/2m8ibE3
The post IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2liEqIQ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.