IBM MQ Operator
cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*
- >= 2.0.0, <= 2.0.29
- >= 2.2.0, <= 2.2.2
- >= 2.3.0, <= 2.3.3
- >= 2.4.0, <= 2.4.8
- >= 3.0.0, <= 3.0.1
- >= 3.1.0, <= 3.1.3
- >= 3.2.0, <= 3.2.10
- >= 3.3.0, <= 3.3.0
- >= 3.4.0, <= 3.4.1
- >= 3.5.0, <= 3.5.1
A use-after-free vulnerability has been identified in IBM MQ Operator versions 2.0.0 through 2.0.29, as well as in the other 2.x and 3.x version ranges listed above. When a client connects to an MQ Queue Manager, this vulnerability can cause a segmentation fault (SIGSEGV) in the AMQRMPPA channel process, terminating it. The root cause is improper memory handling: memory is used after it has been freed, so a client connection can crash the channel process.
Exploitation of this vulnerability causes a segmentation fault in the AMQRMPPA channel process, terminating it.
Users can upgrade to IBM MQ Operator v3.5.2 or v3.2.11, both of which include the fix. IBM MQ Container version 9.4.2.1-r1 is also available as a patched option.