CVE-2008-3959 — IBM DB2 vulnerability

6 documents3 sources

Severity

7.5HIGHNVD

NVD5.0CNA5.0CNA4.3

EPSS

0.9%

top 24.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedSep 11

Latest updateMay 3

Description

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db28.1+5

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-r9rm-x6jp-8r54: IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that sim↗2022-05-03

▶

GHSA

GHSA-h5r2-rjjw-28mj: IBM DB2 UDB 8↗2022-05-02

▶

CVEList

CVE-2008-3958: IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that sim↗2008-09-09

▶

CVEList

CVE-2008-3959: IBM DB2 UDB 8↗2008-09-09

▶