8.4

CVE-2020-5025

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version >= 11.1.0.0 < 11.1.4.6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version >= 11.5 < 11.5.5.0
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp10
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp7
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp8
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp9
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp9a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp7
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp8
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp9
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
NetappOncommand Insight Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.533
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@us.ibm.com 8.4 2.5 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.