CVE-2010-3731 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
43.4%
top 2.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedOct 5
Latest updateMay 17

Description

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

β–ΆNVDibm/db29.5

πŸ”΄Vulnerability Details

2
GHSA
GHSA-vmhr-5mf4-px87: Stack-based buffer overflow in the validateUser implementation in the com↗2022-05-17
β–Ά
CVEList
CVE-2010-3731: Stack-based buffer overflow in the validateUser implementation in the com↗2010-10-05
β–Ά
CVE-2010-3731 β€” IBM DB2 vulnerability | cvebase