CVE-2009-4325

IBM DB2 <8.2 FP18, <9.1 FP8, <9.5 FP5, <9.7 FP1 - Memory Corruption

Title source: llm
STIX 2.1

Description

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

References (13)

Core 13
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Exploit, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709
Exploit, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3520
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37332
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37759

Scores

EPSS 0.0265
EPSS Percentile 83.9%

Details

CWE
CWE-20
Status published
Products (4)
ibm/db2 8.2 (18 CPE variants)
ibm/db2 9.1 (11 CPE variants)
ibm/db2 9.5 (7 CPE variants)
ibm/db2 9.7
Published Dec 16, 2009
Tracked Since Feb 18, 2026