CVE-2012-0712Infinite Loop in IBM DB2

CWE-3993 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
1.0%
top 23.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedMar 20
Latest updateMay 17

Description

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/db29.5, 9.7, 9.8+2

🔴Vulnerability Details

2
GHSA
GHSA-rm8f-ww5g-m87j: The XML feature in IBM DB2 92022-05-17
CVEList
CVE-2012-0712: The XML feature in IBM DB2 92012-03-20
CVE-2012-0712 — Infinite Loop in IBM DB2 | cvebase