Main Vulnerability Database SB2025062027

SB2025062027 - IBM Storage Fusion Data Foundation update for Node.js braces

Published: June 20, 2025

Security Bulletin ID SB2025062027

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-4068)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. A remote attacker can send "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7237324