7.8

CVE-2007-5652

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption.  NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Updatefp3a Version <= 9.1
IbmDb2 Version9.1 Updatefp1
IbmDb2 Version9.1 Updatefp2
IbmDb2 Version9.1 Updatefp2a
IbmDb2 Version9.1 Updatefp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.79% 0.755
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://secunia.com/advisories/27177
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21283031
Patch
http://www.ibm.com/support/docview.wss?uid=swg1LI72519
http://www.securityfocus.com/bid/26450
http://www.vupen.com/english/advisories/2007/3538
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3867
Vendor Advisory