CVE-2006-3862: Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Informix Dynamic Server

3 documents, 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 1.4% (top 19.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 8
Latest update: May 1

Description

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: ibm/informix_dynamic_server, 5 versions +4

Patches

Vulnerability Details (2)

GHSA: GHSA-667p-cr9x-vg3j: Buffer overflow in IBM Informix Dynamic Server (IDS) 9, 2022-05-01
CVEList: CVE-2006-3862: Buffer overflow in IBM Informix Dynamic Server (IDS) 9, 2006-08-08