SB2025062029 - Multiple vulnerabilities in IBM Security Guardium 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025062029

SB2025062029 - Multiple vulnerabilities in IBM Security Guardium

Published: June 20, 2025

Security Bulletin ID SB2025062029
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Heap-based buffer over-read (CVE-ID: CVE-2017-9050)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlDictAddString function of XMLSoft libxml2 due to improper bounds checking in the dict.c code. A remote attacker can send a specially crafted request, trigger heap-based buffer over-read condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.


2) Heap-based buffer over-read (CVE-ID: CVE-2017-9049)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlDictComputeFastKey function of XMLSoft libxml2 due to improper bounds checking in the dict.c code. A remote attacker can send a specially crafted request, trigger heap-based buffer over-read condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.


3) Stack-based buffer overflow (CVE-ID: CVE-2017-9048)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper bounds checking in the valid.c code. A remote attacker can send a specially crafted request, trigger stack-based buffer overflow condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.


4) Memory corruption (CVE-ID: CVE-2017-9047)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper memory handling by the valid.c source code. A remote attacker can send a specially crafted XML file, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.


Remediation

Install update from vendor's website.

References