CVE-2015-2013 — Use After Free in IBM Websphere MQ

CWE-399 CWE-416 — Use After Free CWE-125 — Out-of-bounds Read32 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere MQ

Timeline

PublishedSep 14

Latest updateMay 17

Description

IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_mq13 versions+12

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rc4-4mhp-v4cw: IBM WebSphere MQ 7↗2022-05-17

▶

OSV

linux-lts-vivid vulnerabilities↗2016-03-14

▶

OSV

linux-lts-utopic vulnerabilities↗2016-03-14

▶

OSV

linux-lts-utopic vulnerabilities↗2016-02-02

▶

CVEList

CVE-2015-2013: IBM WebSphere MQ 7↗2015-09-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)↗2015-12-14

▶

Exploit-DB

Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)↗2015-09-16

▶

Exploit-DB

Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)↗2015-08-07

▶

Exploit-DB

INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service↗2015-07-07

▶

Exploit-DB

MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series↗2015-04-27

▶

📋Vendor Advisories

Red Hat

webkitgtk: use-after-free vulnerability in the handling of input (WSA-2015-0001)↗2015-01-26

▶

Red Hat

webkitgtk: use-after-free in the HTMLFormElement::prepareForSubmission() (WSA-2015-0001)↗2015-01-26

▶

Red Hat

webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted↗2016-01-12

▶

Bugzilla

CVE-2013-7446 kernel: Unix sockets use after free - peer_wait_queue prematurely freed↗2015-11-17

▶

Bugzilla

CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 mediawiki: multiple security fix↗2015-08-13

▶

Bugzilla

CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422)↗2015-04-28

▶

Bugzilla

CVE-2013-2875 webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001)↗2015-01-27

▶