CVE-2024-40680Memory Allocation with Excessive Size Value in IBM MQ

CWE-789Memory Allocation with Excessive Size ValueCWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM MQ Operator
Timeline
PublishedSep 7

Description

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/mq9.3 CD, 9.4 LTS, 9.4 CD
NVDibm/mq_operator2.0.26, 3.2.4+1

🔴Vulnerability Details

2
CVEList
IBM MQ denial of service2024-09-07
GHSA
GHSA-24xq-67qf-j3xr: IBM MQ Operator 22024-09-07
CVE-2024-40680 — IBM MQ vulnerability | cvebase