CVE-2006-4257IBM DB2 Universal Database vulnerability

CWE-3996 documents3 sources
Severity
5.0MEDIUMNVD
NVD4.0CNA4.0
EPSS
1.3%
top 20.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM DB2IBM DB2 Universal Database
Timeline
PublishedAug 21
Latest updateMay 3

Description

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDibm/db2_universal_database13 versions+12
NVDibm/db215 versions+14

Patches

Patch: secunia.comPatch: www-1.ibm.comPatch: secunia.com

🔴Vulnerability Details

4
GHSA
GHSA-hcpr-x372-mrhj: IBM DB2 Universal Database (UDB) before 82022-05-03
GHSA
GHSA-89gw-fq9p-7x94: IBM DB2 82022-05-01
CVEList
CVE-2006-6638: IBM DB2 82006-12-19
CVEList
CVE-2006-4257: IBM DB2 Universal Database (UDB) before 82006-08-21
CVE-2006-4257 — IBM vulnerability | cvebase