CVE-2012-2197

IBM DB2 - Stack-based Buffer Overflow in Java Stored Procedure Infrastructure

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.

References (8)

Core 8
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49919
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54487
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752

Scores

EPSS 0.0449
EPSS Percentile 90.4%

Details

CWE
CWE-119
Status published
Products (34)
ibm/db2 9.1
ibm/db2 9.1.0.1
ibm/db2 9.1.0.2 (2 CPE variants)
ibm/db2 9.1.0.3 (2 CPE variants)
ibm/db2 9.1.0.4 (2 CPE variants)
ibm/db2 9.1.0.5
ibm/db2 9.1.0.6 (2 CPE variants)
ibm/db2 9.1.0.7 (2 CPE variants)
ibm/db2 9.1.0.8
ibm/db2 9.1.0.9
... and 24 more
Published Jul 25, 2012
Tracked Since Feb 18, 2026