CVE-2012-2197Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM DB2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.1HIGHNVD
EPSS
12.9%
top 5.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedJul 25
Latest updateMay 17

Description

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db234 versions+33

🔴Vulnerability Details

2
GHSA
GHSA-mjm7-v78h-c4f5: Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 92022-05-17
CVEList
CVE-2012-2197: Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 92012-07-25
CVE-2012-2197 — IBM DB2 vulnerability | cvebase