SB2024010914 - Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Published: January 9, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-11698)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the function Sass::handle_error. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds read (CVE-ID: CVE-2017-11608)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
3) Stack-based buffer overflow (CVE-ID: CVE-2018-19837)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to stack-based buffer overflow in Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp when incorrect parsing of '%' as a modulo operator in parser.cpp. A remote attacker can send a specially crafted sass file, trigger memory corruption and cause the service to crash.
4) Out-of-bounds read (CVE-ID: CVE-2019-6286)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(). A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
5) Heap-based buffer over-read (CVE-ID: CVE-2018-19839)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to heap-based buffer over-read in the function handle_error in sass_context.cpp. A remote attacker can send a specially crafted sass file, trigger memory corruption and cause the service to crash.
6) Out-of-bounds read (CVE-ID: CVE-2019-6284)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::alternatives in prelexer.hpp. A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2019-6283)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::parenthese_scope in prelexer.hpp. A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
8) Uncontrolled Recursion (CVE-ID: CVE-2018-20821)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp. A remote attacker can trigger the vulnerability and gain access to potentially sensitive information.
9) Out-of-bounds read (CVE-ID: CVE-2018-11697)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the function Sass::Prelexer::exactly(). A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and disclose information or manipulated to read from unmapped memory causing a denial of service.
10) NULL pointer dereference (CVE-ID: CVE-2018-11694)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function Sass::Functions::selector_append. A remote attacker can trick the victim into opening specially crafted data and perform a denial of service (DoS) attack.
11) Uncontrolled Recursion (CVE-ID: CVE-2019-18797)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
12) NULL pointer dereference (CVE-ID: CVE-2018-19797)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted sass input file.
13) Resource exhaustion (CVE-ID: CVE-2018-20822)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
14) Stack-based buffer overflow (CVE-ID: CVE-2018-19838)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to stack-based buffer overflow in functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). A remote attacker can send a specially crafted sass file, trigger memory corruption and cause the service to crash.
15) Improper Certificate Validation (CVE-ID: CVE-2020-24025)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path. A remote attacker can perform MitM attack and compromise the affected application.
16) NULL pointer dereference (CVE-ID: CVE-2018-20190)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp. A remote attacker can trick the victim into opening a specially crafted sass input file and perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2018-19827)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
18) Use-after-free (CVE-ID: CVE-2018-11499)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in handle_error() function in sass_context.cpp in LibSass. A remote attacker can cause a denial of service (application crash) or possibly unspecified other impact.
19) NULL pointer dereference (CVE-ID: CVE-2018-11696)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function Sass::Inspect::operator(). A remote attacker can trick the victim into opening a specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.