Critical Arbitrary Code Vulnerabilities in Multiple IBM Products (CVE-2022-3515, CVE-2022-27782, CVE-2023-39410, CVE-2020-36242)

Published On: Feb 14, 2025 11:44

Advisory No: TZCERT-SA-25-0058

Source: IBM

Software Affected: GNU libksba, cURL libcurl, Apache Avro, cryptography

Overview

IBM products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

Multiple IBM products that depend on GNU libksba, cURL libcurl, Apache Avro, and the cryptography package are affected by vulnerabilities tracked as CVE-2022-3515, CVE-2022-27782, CVE-2023-39410, and CVE-2020-36242, with CVSS scores of 9.8 and 9.1. The affected components are vulnerable due to an integer overflow in the CRL parser, a TLS and SSH connection reuse flaw, an unsafe deserialization flaw, and a buffer overflow. These vulnerabilities allow attackers to execute arbitrary code on the system, cause a denial of service, or bypass access restrictions.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
