CVE-2017-1304Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Elastic Storage Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 78.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Elastic Storage Server
Timeline
PublishedJun 21
Latest updateMay 13

Description

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 1.4 | Impact: 4.7

Affected Packages2 packages

CVEListV5ibm/elastic_storage_server7 versions+6
NVDibm/elastic_storage_server13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-mhfw-47p6-9px9: IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing2022-05-13
CVEList
CVE-2017-1304: IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing2017-06-21

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure2017-09-18
CVE-2017-1304 — IBM vulnerability | cvebase