CVE-2002-1583 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2 Universal Database

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 49.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedSep 28

Latest updateApr 30

Description

Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/db2_universal_database5 versions+4

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-r4rc-r399-pvjj: Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6↗2022-04-30

▶

CVEList

CVE-2002-1583: Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6↗2004-08-20

▶