CVE-2009-4325Improper Input Validation in IBM DB2

CWE-20Improper Input Validation3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
1.8%
top 17.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedDec 16
Latest updateMay 3

Description

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDibm/db24 versions+3

Patches

Patch: ftp.software.ibm.comPatch: www-01.ibm.comPatch: ftp.software.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-448j-xqxg-cvg3: The Client Interfaces component in IBM DB2 82022-05-03
CVEList
CVE-2009-4325: The Client Interfaces component in IBM DB2 82009-12-16
CVE-2009-4325 — Improper Input Validation in IBM DB2 | cvebase