CVE-2014-6097 — Improper Input Validation in IBM DB2

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.6%

top 31.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedNov 8

Latest updateMay 17

Description

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db29.7, 9.8+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5vhc-vppw-pc2v: IBM DB2 9↗2022-05-17

▶

CVEList

CVE-2014-6097: IBM DB2 9↗2014-11-08

▶