6.9
CVE-2007-4276
- EPSS 0.5%
- Veröffentlicht 18.08.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:43
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Db2 Universal Database Updatefp14 Version <= 8.0
Ibm ≫ Db2 Universal Database Editionfp2 Version <= 9.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.387 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.attrition.org/pipermail/vim/2007-August/001765.html
http://secunia.com/advisories/26471
http://securitytracker.com/id?1018581
http://www-1.ibm.com/support/docview.wss?uid=swg21255352
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/25339
http://www.vupen.com/english/advisories/2007/2912
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583
http://www-1.ibm.com/support/docview.wss?uid=swg1IY97346
http://www-1.ibm.com/support/docview.wss?uid=swg1IY99311
https://exchange.xforce.ibmcloud.com/vulnerabilities/36067