CVE-2020-4375 — Missing Release of Memory after Effective Lifetime in IBM MQ Appliance

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-772 — Missing Release of Resource after Effective Lifetime3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Appliance

Timeline

PublishedJul 28

Latest updateMay 24

Description

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/mq_appliance8.0 — 8.0.0.15+2

▶CVEListV5ibm/mq_appliance8.0, 9.1.CD, 9.1.LTS+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qwg-86mf-pw6m: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8↗2022-05-24

▶

CVEList

CVE-2020-4375: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8↗2020-07-28

▶