CVE-2024-39743 — Asymmetric Resource Consumption (Amplification) in IBM MQ Operator

CWE-405 — Asymmetric Resource Consumption (Amplification)CWE-187 — Partial String Comparison4 documents4 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.2%

top 54.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Operator

Timeline

PublishedJul 8

Latest updateOct 15

Description

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/mq_operator2.0.0 — 2.0.24+7

▶CVEListV5ibm/mq_operator2.0.24, 3.2.2

🔴Vulnerability Details

CVEList

IBM MQ Container denial of service↗2024-07-08

▶

GHSA

GHSA-74r2-gj4j-w655: IBM MQ Operator 3↗2024-07-08

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Outside In Maintenance (lrzip-next) — CVE-2023-39743↗2024-10-15

▶