Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0462Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents5 sources
Severity
6.5MEDIUMNVD
NVD4.0
EPSS
18.4%
top 4.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM DB2
Timeline
PublishedJan 28
Latest updateMay 17

Description

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/db29.1+3

🔴Vulnerability Details

4
GHSA
GHSA-7rmf-wcv2-r7w8: Buffer overflow in the REPEAT function in IBM DB2 92022-05-17
GHSA
GHSA-qfxc-jf9x-mx8f: Heap-based buffer overflow in IBM DB2 92022-05-03
CVEList
CVE-2010-1560: Buffer overflow in the REPEAT function in IBM DB2 92010-04-27
CVEList
CVE-2010-0462: Heap-based buffer overflow in IBM DB2 92010-01-28

💥Exploits & PoCs

1
Exploit-DB
IBM DB2 - 'REPEAT()' Local Heap Buffer Overflow2010-01-27

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter March 2026
CVE-2010-0462 — IBM DB2 vulnerability | cvebase