CVE-2006-6638IBM DB2 Universal Database vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
CNA4.0
EPSS
1.1%
top 21.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2 Universal Database
Timeline
PublishedDec 19
Latest updateMay 1

Description

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/db2_universal_database13 versions+12

Patches

Patch: secunia.comPatch: www-1.ibm.comPatch: www.appsecinc.com

🔴Vulnerability Details

2
GHSA
GHSA-89gw-fq9p-7x94: IBM DB2 82022-05-01
CVEList
CVE-2006-6638: IBM DB2 82006-12-19
CVE-2006-6638 — IBM vulnerability | cvebase