CVE-2023-28526Heap-based Buffer Overflow in IBM Informix Dynamic Server

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.0%
top 93.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Informix Dynamic Server
Timeline
PublishedDec 9

Description

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/informix_dynamic_server12.10, 14.10
NVDibm/informix_dynamic_server12.10, 14.10+1

🔴Vulnerability Details

2
CVEList
IBM Informix Dynamic Server buffer overflow2023-12-09
GHSA
GHSA-w3qq-h832-55jf: IBM Informix Dynamic Server 122023-12-09
CVE-2023-28526 — Heap-based Buffer Overflow in IBM | cvebase