Main Vulnerability Database SB2024082791

SB2024082791 - Uncontrolled Memory Allocation in IBM Watson Discovery for IBM Cloud Pak for Data

Published: August 27, 2024

Security Bulletin ID SB2024082791

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-4068)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. A remote attacker can send "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7161871