CVE-2023-45167

Name of the Vulnerable Software and Affected Versions IBM AIX version 7.3

Description The issue is related to the Python implementation in IBM AIX, which could allow a non-privileged local user to cause a denial of service due to insufficient input validation. A race condition in the SSLSocket module may also allow a remote attacker to bypass security restrictions by injecting a malicious client certificate into the connection, potentially gaining access to the server's resources without authentication.

Recommendations For IBM AIX version 7.3, consider disabling the vulnerable Python implementation until a patch is available. As a temporary workaround, restrict access to the SSLSocket module to minimize the risk of exploitation. Avoid using the affected Python implementation for remote connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.