IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2017-10989)
SQLite is vulnerable to a heap-based buffer overflow caused by improper bounds checking in the getNodeSize function in ext/rtree/rtree.c. By using a specially crafted database, a remote attacker could overflow a buffer and cause unspecified impacts on the system.
CVE(s): CVE-2017-10989
Affected product(s) and affected version(s):
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4 is affected
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zc4VYo
X-Force Database: http://ift.tt/2h9mEc4
The post IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2017-10989) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2zbAlxU