Low Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar (CVE-2019-9923).

Share this post:

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar, caused by a NULL point dereference in the pax_decode_header in sparse.c (CVE-2019-9923). A remote attacker could exploit this vulnerability to cause the application to crash. GNU Tar is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below.

CVE(s): CVE-2019-9923

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 – 4.5.0

 

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610238
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158908

More stories

Security Bulletin: IBM Tivoli Monitoring Basic Services is vulnerable to a denial of service attack in zlib component (CVE-2018-25032)

September 30, 2022 | Low Severity

Fixes a vulnerability reported in the zlib that is used by IBM Tivoli Monitoring for historical data collection (CVE-2018-25032). ...read more


Security Bulletin: IBM Content Manager OnDemand for IBM i is affected by a vulnerability CVE-2018-25032

September 30, 2022 | Low Severity

There is vulnerability in Zlib used by IBM Content Manager OnDemand for IBM i. IBM Content Manager OnDemand for IBM i has addressed the applicable CVE. ...read more


Security Bulletin: Vulnerabilities in Redis affect IBM Event Streams (CVE-2022-24736, CVE-2022-24735)

September 30, 2022 | Low Severity

There are a number of vulnerabilities in Redis that is used by IBM Event Streams. ...read more