CVE-2014-3094

IBM DB2 9.7-10.5 - Authenticated Remote Code Execution via ALTER MODULE Statement

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.

References (10)

Core 10
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683296
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94260
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58616
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69550
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681631
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60845

Scores

EPSS 0.0504
EPSS Percentile 91.3%

Details

CWE
CWE-119
Status published
Products (23)
ibm/db2 9.7
ibm/db2 9.7.0.1
ibm/db2 9.7.0.2
ibm/db2 9.7.0.3
ibm/db2 9.7.0.4
ibm/db2 9.7.0.5
ibm/db2 9.7.0.6
ibm/db2 9.7.0.7
ibm/db2 9.7.0.8
ibm/db2 9.7.0.9 (2 CPE variants)
... and 13 more
Published Sep 04, 2014
Tracked Since Feb 18, 2026