Critical Vulnerabilities in IBM products (CVE-2021-42694, CVE-2023-36328)

Published On: Nov 08, 2024 22:42

Advisory No: TZCERT-SA-24-0042

Source: IBM

Software Affected: Unicode, libtom

Overview

Multiple IBM products are vulnerable to critical vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code.

Description

IBM products depending on Unicode, and libtom are affected by critical vulnerabilities tracked as CVE-2021-42694, and CVE-2023-36328 with CVSS base scores of 9.8 each. The vulnerabilities result from insufficient visual distinction of visually similar or identical glyphs that are presented to the user, and improper bounds checking by mp_grow. The attacker can exploit these vulnerabilities by sending a specially crafted request to execute arbitrary code and cause a denial of service (DoS).

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident