An IBM MQ vulnerability has been addressed.
In May, the National Vulnerability Database published that applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit, may experience notable to very long delays when processing those messages, which may lead to a Denial of Service (DoS). According to IBM, this left IBM MQ vulnerable to DoS attacks.
IBM MQ Vulnerability Details
OpenSSL versions 3.0.x, 3.1.x, 1.1.1, and 1.0.2 are susceptible to a vulnerability which, when successfully exploited, could lead to a denial of service. A remote attacker could exploit it by sending a specially crafted request.
LTS versions of MQ from 9.0 through 9.3, as well as 9.3 CD, are affected. In addition, Advanced Message Security (AMS) and the macOS Toolkit are affected.
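The NVD description above ties the delay to messages processed with no size limit. As an added example (not IBM's or OpenSSL's code), this C pre-filter caps the message size and rejects any DER OBJECT IDENTIFIER longer than a caller-chosen limit before the bytes reach an ASN.1 parser. The function names, the limits and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum der_verdict { DER_OK, DER_TOO_BIG, DER_OID_TOO_LONG, DER_MALFORMED };

/* Constructed sample: SEQUENCE { OID 1.2.840.113549.1.7.2 }, 9-byte OID body. */
static const uint8_t SAMPLE_DER[] = { 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48,
                                      0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };

/* Read a definite-form DER length at *pos; returns 0 on success. */
static int der_len(const uint8_t *b, size_t n, size_t *pos, size_t *len)
{
    if (*pos >= n) return -1;
    uint8_t first = b[(*pos)++];
    if (first < 0x80) { *len = first; return 0; }
    size_t k = first & 0x7F;
    if (k == 0 || k > sizeof(size_t) || k > n - *pos) return -1;
    for (*len = 0; k > 0; k--) *len = (*len << 8) | b[(*pos)++];
    return 0;
}

/* Walk all TLVs, descending into constructed ones, and flag long OIDs. */
static enum der_verdict walk(const uint8_t *b, size_t n, size_t max_oid, int depth)
{
    size_t pos = 0, len;
    if (depth > 32) return DER_MALFORMED;               /* bound recursion */
    while (pos < n) {
        uint8_t tag = b[pos++];
        if ((tag & 0x1F) == 0x1F) return DER_MALFORMED; /* high-tag form unsupported */
        if (der_len(b, n, &pos, &len) != 0 || len > n - pos) return DER_MALFORMED;
        if (tag == 0x06 && len > max_oid) return DER_OID_TOO_LONG;
        if (tag & 0x20) {                               /* constructed: recurse */
            enum der_verdict v = walk(b + pos, len, max_oid, depth + 1);
            if (v != DER_OK) return v;
        }
        pos += len;
    }
    return DER_OK;
}

/* Gate to call before handing msg to an ASN.1 parser; limits are caller policy. */
enum der_verdict der_prefilter(const uint8_t *msg, size_t n, size_t max_msg, size_t max_oid)
{
    if (n > max_msg) return DER_TOO_BIG;
    return walk(msg, n, max_oid, 0);
}

int main(void) { return der_prefilter(SAMPLE_DER, sizeof SAMPLE_DER, 65536, 64); }
```

The walker does not look inside primitive OCTET STRING wrappers, so an OID nested there is not inspected; the overall message size cap remains the primary control.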