SB2022120218 - IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data update for Vim
Published: December 2, 2022
Security Bulletin ID
SB2022120218
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-1629)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary condition in find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-in-vim-cve-2022-1629/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-in-vim-cve-2022-1629/</a></p><p>
- https://www.ibm.com/support/pages/node/6843873</p><p><br></p>