CVE-2008-0768Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Informix Dynamic Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
4.7%
top 10.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Informix Dynamic Server
Timeline
PublishedFeb 13
Latest updateMay 1

Description

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/informix_dynamic_server10.010.00.xc8+1

🔴Vulnerability Details

2
GHSA
GHSA-2v6c-27m4-v7m9: Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic2022-05-01
CVEList
CVE-2008-0768: Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic2008-02-13

💬Community

2
Bugzilla
CVE-2007-2691 mysql DROP privilege not enforced when renaming tables2007-05-29
Bugzilla
CVE-2006-4031 MySQL improper permission revocation2006-08-11
CVE-2008-0768 — IBM vulnerability | cvebase