CVE-2020-4204

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 77.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM DB2 FOR Linux- Unix AND WindowsIBM DB2
Timeline
PublishedFeb 19
Latest updateMay 24

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/db2_for_linux-_unix_and_windows5 versions+4
NVDibm/db25 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-5jxq-g8ww-8q6w: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 92022-05-24
CVEList
CVE-2020-4204: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 92020-02-19
CVE-2020-4204 (HIGH CVSS 7.8) | IBM DB2 for Linux | cvebase.io