Vulnerability Details CVE-2009-4325
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.7%
CVSS Severity
CVSS v2 Score 6.4
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520