CVE-2007-1087Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 76.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedFeb 23
Latest updateMay 1

Description

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db213 versions+12

Patches

Patch: www-1.ibm.comPatch: www.securityfocus.comPatch: www-1.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-v93h-jxx8-f2rh: IBM DB2 82022-05-01
CVEList
CVE-2007-1087: IBM DB2 82007-02-23
CVE-2007-1087 — IBM DB2 vulnerability | cvebase