CVE-2012-2197
IBM DB2 - Stack-based Buffer Overflow in Java Stored Procedure Infrastructure
Title source: llmDescription
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
References (8)
Core 8
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49919
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54487
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752
Scores
EPSS
0.0449
EPSS Percentile
90.4%
Details
CWE
CWE-119
Status
published
Products (34)
ibm/db2
9.1
ibm/db2
9.1.0.1
ibm/db2
9.1.0.2 (2 CPE variants)
ibm/db2
9.1.0.3 (2 CPE variants)
ibm/db2
9.1.0.4 (2 CPE variants)
ibm/db2
9.1.0.5
ibm/db2
9.1.0.6 (2 CPE variants)
ibm/db2
9.1.0.7 (2 CPE variants)
ibm/db2
9.1.0.8
ibm/db2
9.1.0.9
... and 24 more
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026