CVE-2023-28527

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 93.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Informix Dynamic Server
Timeline
PublishedDec 9

Description

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/informix_dynamic_server12.10, 14.10
NVDibm/informix_dynamic_server12.10, 14.10+1

🔴Vulnerability Details

2
GHSA
GHSA-cx9x-3cmx-r6cq: IBM Informix Dynamic Server 122023-12-09
CVEList
IBM Informix Dynamic Server buffer overflow2023-12-09
CVE-2023-28527 (MEDIUM CVSS 5.5) | IBM Informix Dynamic Server 12.10 a | cvebase.io