6.2

CVE-2017-1304

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458.

Data is provided by the National Vulnerability Database (NVD)
IbmElastic Storage Server Version2.0.0
IbmElastic Storage Server Version2.5.0
IbmElastic Storage Server Version2.5.5
IbmElastic Storage Server Version3.0.0
IbmElastic Storage Server Version3.0.5
IbmElastic Storage Server Version3.5.0
IbmElastic Storage Server Version3.5.6
IbmElastic Storage Server Version4.0.0
IbmElastic Storage Server Version4.0.6
IbmElastic Storage Server Version4.5.0
IbmElastic Storage Server Version4.6.0
IbmElastic Storage Server Version5.0.0
IbmElastic Storage Server Version5.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.186
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.2 1.4 4.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/99274
Third Party Advisory
VDB Entry