CVE-2025-3631
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-23
Assigner: IBM Corporation
Description
Description
An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | mq_appliance | From 9.3.2 (inc) to 9.3.5.2 (inc) |
| ibm | mq_appliance | From 9.4.0.0 (inc) to 9.4.0.12 (exc) |
| ibm | mq_appliance | From 9.4.0.0 (inc) to 9.4.3 (exc) |
| ibm | mq_appliance | From 9.4.1.0 (inc) to 9.4.3.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in IBM MQ versions 9.3 and 9.4 Client when connecting to an MQ Queue Manager. It can cause a segmentation fault (SIGSEGV) in the AMQRMPPA channel process, which results in the termination of that process.
How can this vulnerability impact me? :
The impact of this vulnerability is that the AMQRMPPA channel process can be terminated unexpectedly due to a segmentation fault. This can lead to disruption of messaging services and potential denial of service in environments using IBM MQ 9.3 or 9.4 Clients.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70