CVE-2010-0462

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

References

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html

http://securitytracker.com/id?1023509

http://www.securityfocus.com/bid/37976

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

https://exchange.xforce.ibmcloud.com/vulnerabilities/55899

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518

Details

Source: MITRE

Published: 2010-01-28

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
49120IBM DB2 9.5 < Fix Pack 6a Multiple VulnerabilitiesNessusDatabases
critical
5556IBM DB2 9.7 < 9.7 Fix Pack 2 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
46766IBM DB2 9.7 < Fix Pack 2 Multiple VulnerabilitiesNessusDatabases
medium
46173IBM DB2 9.1 < Fix Pack 9 Multiple VulnerabilitiesNessusDatabases
medium