Saturday, July 20, 2024
HomeIndiaCERT-In finds multiple bugs in 'Golang Go' that affect IBM's data management...

CERT-In finds multiple bugs in ‘Golang Go’ that affect IBM’s data management software

New Delhi, June 22: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of multiple vulnerabilities in the ‘Golang Go’ programming language affecting IBM Storage Copy Data Management software. As per the CERT-In advisory, the multiple vulnerabilities — ‘arbitrary code execution vulnerability’ and ‘denial of service vulnerability’ — could allow an attacker to execute arbitrary code or cause a denial of service condition on the targeted system. The arbitrary code execution vulnerability exists in IBM software due to a flaw in Golang Go during the build on Darwin.

“An attacker could exploit this vulnerability by building a specially crafted Go module. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system,” the cyber agency said. On the other hand, the denial of service vulnerability exists in IBM Storage Copy Data Management due to a flaw in Golang Go which causes high CPU usage in the ‘extractExtendedRCode’ function in the net module. “A remote attacker could exploit this vulnerability by sending a specially crafted DNS message in response to a query,” the advisory mentioned. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition on the targeted system. CERT-In has suggested users apply appropriate fix/patches as recommended by the company.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular