CVE-2010-0462

IBM DB2 9.1-9.7 - Authenticated Heap-Based Buffer Overflow via REPEAT Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0462. PoCs published by Evgeny Legerov.

AI-analyzed exploit summary This exploit leverages a heap-based buffer overflow in IBM DB2 by executing a maliciously crafted SQL query with an excessively large REPEAT function. The vulnerability allows arbitrary code execution or application crash due to inadequate boundary checks.

Description

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Evgeny Legerov · textlocalunix

https://www.exploit-db.com/exploits/33572

View Code ZIP pw:eip

This exploit leverages a heap-based buffer overflow in IBM DB2 by executing a maliciously crafted SQL query with an excessively large REPEAT function. The vulnerability allows arbitrary code execution or application crash due to inadequate boundary checks.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IBM DB2 versions prior to 9.1 Fix Pack 9 and IBM DB2 9.7

No auth needed

Prerequisites: Access to execute SQL queries on the target DB2 instance

MITRE ATT&CK