Vulnerability Details CVE-2008-3853
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.7%
CVSS Severity
CVSS v2 Score 9.3
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- http://secunia.com/advisories/29784
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
- http://www-1.ibm.com/support/docview.wss?uid=swg21255607
- http://www.securityfocus.com/bid/29601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45141
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- http://secunia.com/advisories/29784
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
- http://www-1.ibm.com/support/docview.wss?uid=swg21255607
- http://www.securityfocus.com/bid/29601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45141
Products affected by CVE-2008-3853
-
cpe:2.3:a:ibm:db2_universal_database:9.1