CVE-2008-3853

IBM DB2 <9.1 FP4a, 9.5 FP1 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.

References (7)

Core 7
Core References
Patch vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45141
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29601
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29784

Scores

EPSS 0.0577
EPSS Percentile 92.2%

Details

CWE
CWE-119
Status published
Products (1)
ibm/db2_universal_database 9.1 (16 CPE variants)
Published Aug 28, 2008
Tracked Since Feb 18, 2026