IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013)

When an Message Channel Agent removes a large message from a queue and applies data conversion to the message, the result could overflow the allocated buffer and cause the channel to end abnormally.

CVE(s): CVE-2016-3013

Affected product(s) and affected version(s):

IBM WebSphere MQ V8.0

IBM WebSphere MQ 8.0.0.5 and earlier maintenance levels.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2liLkxZ
X-Force Database: http://ift.tt/2m8ibE3

The post IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2liEqIQ