CERT-In Finds Multiple Bugs In 'Golang Go' That Affect IBM's Data Management Software
Date
6/22/2024 12:30:09 PM
(MENAFN- IANS) New Delhi, June 22 (IANS) The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of multiple vulnerabilities in the 'Golang Go' programming language affecting IBM Storage Copy Data Management software.
As per the CERT-In advisory, the multiple vulnerabilities -- 'arbitrary code execution vulnerability' and 'denial of service vulnerability' -- could allow an attacker to execute arbitrary code or cause a denial of service condition on the targeted system.
The arbitrary code execution vulnerability exists in IBM software due to a flaw in Golang Go during the build on Darwin.
"An attacker could exploit this vulnerability by building a specially crafted Go module. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system," the cyber agency said.
On the other hand, the denial of service vulnerability exists in IBM Storage Copy Data Management due to a flaw in Golang Go which causes high CPU usage in the 'extractExtendedRCode' function in the net module.
"A remote attacker could exploit this vulnerability by sending a specially crafted DNS message in response to a query," the advisory mentioned.
Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition on the targeted system.
CERT-In has suggested users apply appropriate fix/patches as recommended by the company.
MENAFN22062024000231011071ID1108360134
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.