Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0172

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.0MEDIUM

EPSS

5.8%

top 9.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM DB2 Universal Database

Timeline

PublishedJan 16

Latest updateMay 3

Description

Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db2_universal_database9.1, 9.5+1

Patches

Patch: www-01.ibm.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5x3p-f72v-8jx5: Unspecified vulnerability in IBM DB2 8 before FP17a, 9↗2022-05-03

▶

CVEList

CVE-2009-0172: Unspecified vulnerability in IBM DB2 8 before FP17a, 9↗2009-01-16

▶

💥Exploits & PoCs

Exploit-DB

IBM DB2 < 9.5 pack 3a - Connect Denial of Service↗2009-04-03

▶