Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1297

CWE-119Buffer OverflowCWE-617Reachable Assertion6 documents6 sources
Severity
7.3HIGH
EPSS
0.3%
top 49.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
IBM DB2IBM DB2 Connect
Timeline
PublishedJun 27
Latest updateMay 17

Description

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

NVDibm/db2_connect4 versions+3
NVDibm/db24 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-w857-2m85-c8wr: IBM DB2 for Linux, UNIX and Windows 92022-05-17
CVEList
CVE-2017-1297: IBM DB2 for Linux, UNIX and Windows 92017-06-27

💥Exploits & PoCs

1
Exploit-DB
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow2017-06-26

📋Vendor Advisories

1
Red Hat
jasper: reachable assertion in jpc_dec_process_siz() - dec->numvtiles2017-08-25

💬Community

1
Bugzilla
CVE-2017-13746 jasper: reachable assertion in jpc_dec_process_siz() - dec->numvtiles2017-09-06
CVE-2017-1297 (HIGH CVSS 7.3) | IBM DB2 for Linux | cvebase.io