CVE-2017-1297

EPSS 0.27%
Published 27.06.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Data Server Client Version-

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Data Server Driver For Odbc And Cli Version-

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Data Server Driver Package Version-

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Data Server Runtime Client Version-

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7 SwEditionadvanced_enterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7 SwEditionadvanced_workgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7 SwEditionexpress

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7 SwEditionworkgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1 SwEditionadvanced_enterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1 SwEditionadvanced_workgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1 SwEditionexpress

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1 SwEditionworkgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5 SwEditionadvanced_enterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5 SwEditionadvanced_workgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5 SwEditionexpress

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5 SwEditionworkgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1 SwEditionadvanced_enterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1 SwEditionadvanced_workgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1 SwEditionexpress

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1 SwEditionworkgroup

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version9.7 SwEditionapplication_server

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version9.7 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version9.7 SwEditionunlimited

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.1 SwEditionapplication_server

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.1 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.1 SwEditionunlimited

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.5 SwEditionapplication_server

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.5 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version10.5 SwEditionunlimited

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version11.1.0.0 SwEditionapplication_server

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version11.1.0.0 SwEditionenterprise

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Db2 Connect Version11.1.0.0 SwEditionunlimited

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.471

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.ibm.com/support/docview.wss?uid=swg22004878

Patch

Vendor Advisory

http://www.securityfocus.com/bid/99271

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038772

https://exchange.xforce.ibmcloud.com/vulnerabilities/125159

Vendor Advisory

https://www.exploit-db.com/exploits/42260/

https://nvd.nist.gov/vuln/detail/CVE-2017-1297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1297

EUVD