Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1051Use of Externally-Controlled Format String in IBM DB2

6 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 84.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM DB2
Timeline
PublishedSep 28
Latest updateApr 29

Description

Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db29.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-rj45-5jmh-9g9j: Multiple format string vulnerabilities in IBM DB2 Universal Database 82022-04-29
CVEList
CVE-2003-1051: Multiple format string vulnerabilities in IBM DB2 Universal Database 82004-08-20

💥Exploits & PoCs

3
Exploit-DB
IBM DB2 - 'db2govd' Format String Arbitrary Code Execution2003-11-07
Exploit-DB
IBM DB2 - 'db2start' Format String Arbitrary Code Execution2003-11-07
Exploit-DB
IBM DB2 - 'db2stop' Format String Arbitrary Code Execution2003-11-07
CVE-2003-1051 — IBM DB2 vulnerability | cvebase