Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power



CVE-2023-36328 tcl vulnerability

  • 1.  CVE-2023-36328 tcl vulnerability

    Posted Thu November 14, 2024 04:06 PM

    Anyone with insights into this? We asked IBM Support under what circumstances a server is vulnerable, i.e. which service/port, and they referred us to this group.

    Currently we are scrambling to have the patch implemented as quickly as possible without knowing for sure if this panic is warranted.

    Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2023-36328) due to tcl

    Regards,

    Hans Chr. Riksheim



    ------------------------------
    Hans Christian Riksheim
    ------------------------------

    #AIXOpenSource


  • 2.  RE: CVE-2023-36328 tcl vulnerability

    Posted Fri November 15, 2024 03:54 AM

    Hi,

    This issue is related to the libtommath library, and the tcl server/service will be using this library for math-related operations. So without understanding the code base, it's not easy to list out the vulnerable use case or how the reporter of this issue exploited the relevant APIs.
    As the CVE score is high, I would recommend installing the patch.

    Thanks
    Ranjit



    ------------------------------
    Ranjit Ranjan
    ------------------------------