IBM Semeru Runtime Denial-of-Service Vulnerability via Buffer Overflow in AES/CBC Encryption

Vulnerability

A denial-of-service vulnerability has been identified in IBM Semeru Runtime versions 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 21.0.6.0. The issue arises from a buffer overflow in the native AES/CBC encryption implementation, leading to a crash.

Impact

Exploitation of this vulnerability triggers the buffer overflow in the native AES/CBC code, resulting in a crash of the application (a denial of service).

Remediation

Users can upgrade to IBM Semeru Runtime versions 8.0.452.0, 11.0.27.0, 17.0.15.0, or 21.0.7.0. These releases are available on the IBM Semeru Developer Center and through the GitHub repositories for Semeru 8, 11, 17, and 21. IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support.
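As an added example (not IBM's code and not part of this advisory), a small Python check that classifies a Semeru version string against the affected ranges listed above and names the fixed release to move to; it assumes the four-part dotted version strings the advisory uses, and the host inventory in it is constructed.

```python
# Added example (not IBM's code): triage Semeru version strings against the ranges in this advisory.
# Assumes dotted numeric versions as written on the page (e.g. "17.0.14.0"); shorter ones are padded.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Per major line: (first affected, last affected, first fixed release), from the advisory text.
AFFECTED_RANGES: Dict[int, Tuple[str, str, str]] = {
    8: ("8.0.302.0", "8.0.442.0", "8.0.452.0"),
    11: ("11.0.12.0", "11.0.26.0", "11.0.27.0"),
    17: ("17.0.0.0", "17.0.14.0", "17.0.15.0"),
    21: ("21.0.0.0", "21.0.6.0", "21.0.7.0"),
}

def parse_version(text: str) -> Version:
    """Parse 'a.b.c.d' (or fewer parts) into a fixed-width tuple so comparisons are safe."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Semeru-style numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return (nums[0], nums[1], nums[2], nums[3])

def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release if `version` is inside an affected range, else None."""
    v = parse_version(version)
    entry = AFFECTED_RANGES.get(v[0])
    if entry is None:
        return None  # major line not named in the advisory
    first, last, fixed = entry
    return fixed if parse_version(first) <= v <= parse_version(last) else None

def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None

def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, current version, target version) for each host that needs the upgrade."""
    todo = []
    for host, version in sorted(inventory.items()):
        target = fixed_version_for(version)
        if target is not None:
            todo.append((host, version, target))
    return todo

if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {"app-01": "8.0.442.0", "app-02": "11.0.27.0", "app-03": "17.0.14", "app-04": "21.0.7.0"}
    for host, current, target in triage(sample):
        print(f"{host}: {current} is affected, upgrade to {target}")
```

Feed it the version strings your inventory tooling reports for each Semeru install; mapping the JVM's own version property to this dotted form is left to the caller.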

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.