Summary
VisiBroker 8.5 Service Pack 4 Hotfix 3 Security Fixes
Environment
VisiBroker 8.5 Service Pack 4 Hotfix 3
All supported platforms.
Question/Problem Description
The following CVEs are addressed in VisiBroker 8.5 Service Pack 4 Hotfix 3.
CVE-2017-9281: Integer Overflow (CWE-190) and Out-of-Bounds Read (CWE-125)
 An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.
CVE-2017-9282: Integer Overflow (CWE-190) and Out-of-Bounds Write (CWE-787)
 An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
CVE-2017-9283: Out-of-Bounds Read (CWE-125)
 An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
Resolution
The three CVEs described above (CVE-2017-9281, CVE-2017-9282, CVE-2017-9283) have been addressed in VisiBroker 8.5 Service Pack 4 Hotfix 3, available from the Micro Focus Product Update page.
Notes
Micro Focus would like to thank Wolfgang Ettlinger (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting these issues and working with us as we addressed them.

