CVE-2004-2490: Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Informix Dynamic Server

3 documents, 3 sources

Severity: 4.6 MEDIUM (NVD)
EPSS: 0.1% (top 70.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 31; Latest update Apr 29

Description

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (2 packages)

NVD: ibm/informix_dynamic_server 9.40.uc1, 9.40.uc2 +1
NVD: ibm/informix_extended_parallel_server 8.40_uc1, 8.40_uc2 +1

Vulnerability Details (2)

GHSA: GHSA-x36q-879q-h59v: Buffer overflow in IBM Informix Dynamic Server (IDS) 9 | 2022-04-29
CVEList: CVE-2004-2490: Buffer overflow in IBM Informix Dynamic Server (IDS) 9 | 2005-10-25