3.5

CVE-2014-3095

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version9.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.2 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.3 Updateb
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.4 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.6 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.9
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.5.0.10
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.6
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.7
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.9
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.7.0.9 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version9.8.0.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.1.0.4
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.1
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.2
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.3
   LinuxLinux Kernel
   MicrosoftWindows
IbmDb2 Version10.5.0.3 Updatea
   LinuxLinux Kernel
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.72% 0.818
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.