CVE-2008-3854

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

7.1%

top 8.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedAug 28

Latest updateMay 2

Description

Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDibm/db2_universal_database9.1, 9.5+1

Patches

Patch: secunia.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gj57-mhm5-rfch: Multiple stack-based buffer overflows in IBM DB2 9↗2022-05-02

▶

CVEList

CVE-2008-3854: Multiple stack-based buffer overflows in IBM DB2 9↗2008-08-28

▶