CVE-2018-1459 β€” Out-of-bounds Write in IBM DB2

CWE-787 β€” Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedMay 25
Latest updateMay 13

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDibm/db24 versions+3

πŸ”΄Vulnerability Details

2
GHSA
GHSA-qxch-pfpq-6hch: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9β†—2022-05-13
β–Ά
CVEList
CVE-2018-1459: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9β†—2018-05-25
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion↗2018-02-15
β–Ά
CVE-2018-1459 β€” Out-of-bounds Write in IBM DB2 | cvebase