3.5

CVE-2014-3095

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version9.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.2 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3 Updateb
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.4 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.6 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.9
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.10
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.6
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.9
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.9 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.12% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/60845
http://secunia.com/advisories/58725
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646
http://www-01.ibm.com/support/docview.wss?uid=swg21681623
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683297
http://www.securityfocus.com/bid/69546
https://exchange.xforce.ibmcloud.com/vulnerabilities/94263