CVE-2025-2900
14.05.2025, 19:15
IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ibm | semeru_runtime | 8.0.302.0 ≤ 𝑥 ≤ 8.0.442.0 |
| ibm | semeru_runtime | 11.0.12.0 ≤ 𝑥 ≤ 11.026.0 |
| ibm | semeru_runtime | 17.0.0.0 ≤ 𝑥 ≤ 17.0.14.0 |
| ibm | semeru_runtime | 21.0.0.0 ≤ 𝑥 ≤ 21.0.6.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.