CVE-2024-39743: IBM MQ Container denial of service

Q: What is the severity of CVE-2024-39743?

CVE-2024-39743 has a high severity rating due to its potential to cause denial of service.

Q: How do I fix CVE-2024-39743?

To fix CVE-2024-39743, update any affected IBM MQ container versions to the latest release.

Q: What causes the CVE-2024-39743 vulnerability?

CVE-2024-39743 is caused by incorrect memory de-allocation, which can be exploited by a remote attacker.

Q: Which IBM MQ versions are affected by CVE-2024-39743?

CVE-2024-39743 affects IBM MQ Container Developer Edition versions 3.2.0 and 3.2.1.

Q: Can CVE-2024-39743 be exploited remotely?

Yes, CVE-2024-39743 can be exploited remotely by an attacker to consume server memory resources.

Published Jul 5, 2024

Updated

IBM MQ Container Developer Edition 3.2.0 and IBM MQ Container Developer Edition 3.2.1 is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

Other sources

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

— NVD

Affected Software

10 affected components

IBM MQ Operator<=SC2 (formerly LTS): v3.2.0, v3.2.1CD: v3.0.0, v3.0.1, v3.1.0 - 3.1.3 LTS: v2.0.0 - 2.0.23 Other Release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2

IBM supplied MQ Advanced container images<=CD: 9.4.0.0-r1, 9.3.4.0-r1, 9.3.4.1-r1,9.3.5.0-r1,9.3.5.0-r2,9.3.5.1-r1, 9.3.5.1-r2LTS: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3 Other Release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2

IBM MQ Operator>=2.0.0<2.0.24

IBM MQ Operator>=2.2.0<=2.2.2

IBM MQ Operator>=2.3.0<=2.3.3

IBM MQ Operator>=2.4.0<=2.4.8

IBM MQ Operator>=3.1.0<=3.1.3

IBM MQ Operator>=3.2.0<3.2.2

IBM MQ Operator=3.0.0

IBM MQ Operator=3.0.1

Event History

Jul 5, 2024

CVE Published

via IBM·12:00 AM

Jul 8, 2024

CVE Published

via MITRE·01:14 PM

Data Sourced

via MITRE·01:14 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7159714

Frequently Asked Questions

What is the severity of CVE-2024-39743?

CVE-2024-39743 has a high severity rating due to its potential to cause denial of service.

How do I fix CVE-2024-39743?

To fix CVE-2024-39743, update any affected IBM MQ container versions to the latest release.

What causes the CVE-2024-39743 vulnerability?