CVE-2006-3067 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2 Universal Database

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.6%

top 18.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedJun 19

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db2_universal_database8.1+2

Patches

Patch: secunia.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rvrm-cr8c-68mp: Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8↗2022-05-01

▶

CVEList

CVE-2006-3067: Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8↗2006-06-19

▶