CVE-2007-4276

CWE-119 — Buffer Overflow3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 73.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedAug 18

Latest updateMay 1

Description

Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/db2_universal_database8.0+1

Patches

Patch: secunia.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wr22-x6h6-rwqh: Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9↗2022-05-01

▶

CVEList

CVE-2007-4276: Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9↗2007-08-18

▶