Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).
Discription

Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols (together with gRPC) and for data storage. Vulnerability Details ** CVEID: CVE-2022-3509 DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. CVSS Base score: 5.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239915 for the current score. CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Event Streams| 11.1.6-11.3.2 Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading Upgrade to IBM Event Streams 11.4.0 by following the upgrading and migrating documentation. Workarounds and Mitigations…Read More

Back to Main

Subscribe for the latest news: