CVE-2003-0837 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2 Universal Database

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedNov 17

Latest updateApr 29

Description

Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/db2_universal_database7.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-q4wf-423c-m432: Stack-based buffer overflow in IBM DB2 Universal Data Base 7↗2022-04-29

▶

CVEList

CVE-2003-0837: Stack-based buffer overflow in IBM DB2 Universal Data Base 7↗2003-10-08

▶