IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
| Product | Version(s) | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| IBM WebSphere eXtreme Scale | 8.6.1.0 - 8.6.1.6 | PH71946 | For older versions, upgrade to the latest fix pack 8.6.1.6 and then apply the PH71946 iFix. If you are using 8.6.1.6, apply the PH71946 iFix directly. |
Recommended Fixes page for WebSphere eXtreme Scale http://www.ibm.com/support/docview.wss
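
The two bounds checks that the description above says were insufficient, shown as an added Java example; it is not IBM's code and does not reproduce the XDF format. It walks a constructed Protocol Buffers schema, validates every length prefix against the enclosing message, and caps nesting with an explicit stack instead of recursion. The schema, the `MAX_DEPTH` value, and the class and method names are assumptions.

```java
import java.util.ArrayDeque;

// Added example. Constructed schema: message Node { Node child = 1; bytes payload = 2; }
public class BoundedWireCheck {
    static final int MAX_DEPTH = 64; // assumed policy limit, not an IBM value

    // Reads a base-128 varint without running past 'end' or past 10 bytes.
    static long readVarint(byte[] buf, int[] pos, int end) {
        long v = 0;
        for (int shift = 0; shift < 70; shift += 7) {
            if (pos[0] >= end) throw new IllegalArgumentException("truncated varint");
            byte b = buf[pos[0]++];
            v |= (long) (b & 0x7f) << shift;
            if (b >= 0) return v; // high bit clear: last byte
        }
        throw new IllegalArgumentException("varint too long");
    }

    // Walks the message with an explicit stack; returns the deepest level seen.
    static int validate(byte[] buf) {
        int[] pos = {0};
        ArrayDeque<Integer> ends = new ArrayDeque<>(); // end offset of each open message
        ends.push(buf.length);
        int deepest = 1;
        while (!ends.isEmpty()) {
            int end = ends.peek();
            if (pos[0] == end) { ends.pop(); continue; }
            long tag = readVarint(buf, pos, end);
            if ((tag & 7) != 2) throw new IllegalArgumentException("unexpected wire type");
            long len = readVarint(buf, pos, end);
            if (len < 0 || len > end - pos[0]) // prefix must fit the enclosing message
                throw new IllegalArgumentException("length prefix exceeds enclosing message");
            if ((tag >>> 3) == 1) { // nested Node: descend only within the depth budget
                if (ends.size() >= MAX_DEPTH) throw new IllegalArgumentException("nesting too deep");
                ends.push(pos[0] + (int) len);
                deepest = Math.max(deepest, ends.size());
            } else {
                pos[0] += (int) len; // payload: skipped in place, nothing allocated from len
            }
        }
        return deepest;
    }

    public static void main(String[] args) {
        byte[] ok = {0x0a, 0x04, 0x0a, 0x02, 0x12, 0x00}; // constructed: three nested levels
        System.out.println("depth " + validate(ok));
        byte[] bad = {0x12, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 0x07}; // claims 2 GiB
        try { validate(bad); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the walker never recurses and never sizes a buffer from a length prefix, malformed input ends in a caught `IllegalArgumentException` rather than a `StackOverflowError` or `OutOfMemoryError`.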