CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3691

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.205

EPSS Ranking 95.3%

CVSS Severity

CVSS v2 Score 9.3

References

http://retrogod.altervista.org/9sg_ibm_setnet32.html
http://secunia.com/advisories/36949
http://securitytracker.com/id?1022985
http://www.osvdb.org/58530
http://www.securityfocus.com/bid/36588
http://www.vupen.com/english/advisories/2009/2834
https://exchange.xforce.ibmcloud.com/vulnerabilities/53644
http://retrogod.altervista.org/9sg_ibm_setnet32.html
http://secunia.com/advisories/36949
http://securitytracker.com/id?1022985
http://www.osvdb.org/58530
http://www.securityfocus.com/bid/36588
http://www.vupen.com/english/advisories/2009/2834
https://exchange.xforce.ibmcloud.com/vulnerabilities/53644

Products affected by CVE-2009-3691

Ibm » Informix Client Sdk » Version: 3.0

cpe:2.3:a:ibm:informix_client_sdk:3.0
Ibm » Informix Client Sdk » Version: 3.50

cpe:2.3:a:ibm:informix_client_sdk:3.50
Ibm » Informix Connect Runtime » Version: 3.0

cpe:2.3:a:ibm:informix_connect_runtime:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3691

Products

Pricing

Contact Us