Multiple vulnerabilities in IBM MQ Operator and Queue manager container images



Published: 2023-02-14
Risk: High
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2022-40303, CVE-2021-46848, CVE-2022-43680, CVE-2022-40304, CVE-2022-3821
CWE-ID: CWE-190, CWE-193, CWE-416, CWE-399
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
IBM MQ Operator LTS (Other software / Other software solutions)
IBM supplied MQ Advanced container images (Other software / Other software solutions)
IBM MQ Operator CD (Server applications / Other server solutions)

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU68828

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40303

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in parse.c when processing content with XML_PARSE_HUGE set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MQ Operator LTS: before 2.0.7

IBM supplied MQ Advanced container images: before 9.3.1.1-r1

IBM MQ Operator CD: before 2.2.2


External links

http://www.ibm.com/support/pages/node/6857613



2) Off-by-one

EUVDB-ID: #VU68858

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-46848

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MQ Operator LTS: before 2.0.7

IBM supplied MQ Advanced container images: before 9.3.1.1-r1

IBM MQ Operator CD: before 2.2.2


External links

http://www.ibm.com/support/pages/node/6857613



3) Use-after-free

EUVDB-ID: #VU68718

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-43680

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MQ Operator LTS: before 2.0.7

IBM supplied MQ Advanced container images: before 9.3.1.1-r1

IBM MQ Operator CD: before 2.2.2


External links

http://www.ibm.com/support/pages/node/6857613



4) Resource management error

EUVDB-ID: #VU68829

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40304

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption issues, such as double free errors, and result in a denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MQ Operator LTS: before 2.0.7

IBM supplied MQ Advanced container images: before 9.3.1.1-r1

IBM MQ Operator CD: before 2.2.2


External links

http://www.ibm.com/support/pages/node/6857613



5) Off-by-one

EUVDB-ID: #VU69807

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3821

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MQ Operator LTS: before 2.0.7

IBM supplied MQ Advanced container images: before 9.3.1.1-r1

IBM MQ Operator CD: before 2.2.2
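
To check deployed components against the fixed versions listed for all five vulnerabilities in this bulletin, the following added example (not IBM's code and not part of the original bulletin) compares version strings per product, since an LTS operator at 2.0.7 is fixed while a CD operator at 2.1.0 is not. The inventory entries are constructed, and treating a tag without an `-rN` suffix as revision 0 is an assumption.

```python
import re

# Fixed versions as stated in this bulletin; anything lower is affected.
FIXED = {
    "IBM MQ Operator LTS": "2.0.7",
    "IBM MQ Operator CD": "2.2.2",
    "IBM supplied MQ Advanced container images": "9.3.1.1-r1",
}
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Split '2.0.7' or '9.3.1.1-r1' into (numeric parts, revision)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts, int(match.group(2) or 0)  # assumption: no '-rN' means r0


def is_affected(product, installed):
    """True when `installed` is lower than the bulletin's fixed version."""
    fixed_parts, fixed_rev = parse_version(FIXED[product])
    parts, rev = parse_version(installed)
    width = max(len(parts), len(fixed_parts))
    parts += (0,) * (width - len(parts))          # '2.2' compares as '2.2.0'
    fixed_parts += (0,) * (width - len(fixed_parts))
    return (parts, rev) < (fixed_parts, fixed_rev)


def audit(inventory):
    """Label each (product, version) pair AFFECTED, ok or UNKNOWN."""
    report = []
    for product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "UNKNOWN"  # floating tag or product not in the bulletin
        report.append((product, version, status))
    return report


# Constructed inventory for illustration only.
SAMPLE = [("IBM MQ Operator LTS", "2.0.7"), ("IBM MQ Operator CD", "2.1.0"),
          ("IBM supplied MQ Advanced container images", "9.3.1.0-r3"),
          ("IBM supplied MQ Advanced container images", "latest")]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

Entries reported as UNKNOWN, such as a floating `latest` tag, need to be resolved to a concrete version before they can be cleared.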


External links

http://www.ibm.com/support/pages/node/6857613

