CVE-2020-4207

Name of the Vulnerable Software and Affected Versions IBM Watson IoT Message Gateway versions 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2

Description The issue is caused by improper bounds checking when handling a failed HTTP request with specific content in the headers, leading to a buffer overflow. A remote attacker could send a specially crafted HTTP request to overflow a buffer and execute arbitrary code on the system or cause a denial of service.

Recommendations For versions 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2, consider restricting access to the HTTP request handling functionality until a patch is available. As a temporary workaround, avoid using the affected HTTP request handling mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.