Published: 2023-04-06
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-41717
CWE-ID: CWE-770
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (Server applications / Other server solutions)
Vendor: IBM Corporation
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU70334
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-41717
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Mitigation
Install update from vendor's website.
Vulnerable software versions
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data : before 4.6.4
External links
http://www.ibm.com/support/pages/node/6967677
Q & A
Can this vulnerability be exploited remotely?
Is there kn ..