Description
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
Patch vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45141
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29601
Various Sources x_refsource_confirm
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29784
Scores
EPSS
0.0577
EPSS Percentile
92.2%
Details
CWE
CWE-119
Status
published
Products (1)
ibm/db2_universal_database
9.1 (16 CPE variants)
Published
Aug 28, 2008
Tracked Since
Feb 18, 2026