CVE-2007-3676 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2 Universal Database

CWE-399 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents3 sources

Severity

10.0CRITICALNVD

NVD9.3

EPSS

4.1%

top 11.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 IBM DB2 Universal Database

Timeline

PublishedFeb 13

Latest updateMay 17

Description

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/db2_universal_database9.1

▶NVDibm/db28.0+4

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vvf-4m7g-gc7w: Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9↗2022-05-17

▶

GHSA

GHSA-xxpj-63fc-3w3g: Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9↗2022-05-03

▶

GHSA

GHSA-xrxm-c9j3-54pp: IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of↗2022-05-01

▶

CVEList

CVE-2008-6821: Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9↗2009-06-03

▶

CVEList

CVE-2008-3853: Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9↗2008-08-28

▶