CVE-2013-3475

CWE-119Buffer OverflowCWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
7.2HIGH
EPSS
0.1%
top 79.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM DB2IBM DB2 Connect
Timeline
PublishedJun 5
Latest updateMay 14

Description

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDibm/db2_connect5 versions+4
NVDibm/db25 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-44qq-wj24-2rr2: Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 92022-05-14
CVEList
CVE-2013-3475: Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 92013-06-05

📋Vendor Advisories

2
Red Hat
openstack-horizon: multiple XSS flaws2014-07-08
Red Hat
openstack-horizon: multiple XSS flaws2014-07-08
CVE-2013-3475 (HIGH CVSS 7.2) | Stack-based buffer overflow in db2a | cvebase.io