CVE-2008-4563: Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Tivoli Storage Manager

Severity: 10.0 CRITICAL (NVD)
EPSS: 38.9% (top 2.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 11; Latest update May 2

Description

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

Patches

Vulnerability Details (2)

GHSA: GHSA-pxfc-8f3m-gmg5: Heap-based buffer overflow in adsmdll (2022-05-02)
CVEList: CVE-2008-4563: Heap-based buffer overflow in adsmdll (2009-03-11)
CVE-2008-4563 — IBM vulnerability | cvebase