CVE-2007-1088Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 76.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedFeb 23
Latest updateMay 1

Description

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db213 versions+12

Patches

Patch: www-1.ibm.comPatch: www.securityfocus.comPatch: www-1.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9vg5-4h78-q3c4: Stack-based buffer overflow in IBM DB2 82022-05-01
CVEList
CVE-2007-1088: Stack-based buffer overflow in IBM DB2 82007-02-23
CVE-2007-1088 — IBM DB2 vulnerability | cvebase