CVE-2005-4866 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2 Universal Database

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.7%

top 17.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedDec 31

Latest updateMay 1

Description

Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/db2_universal_database5 versions+4

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-2w2j-gfqg-fwgm: Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8↗2022-05-01

▶

CVEList

CVE-2005-4866: Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8↗2007-10-06

▶