CVE-2014-3094
IBM DB2 9.7-10.5 - Authenticated Remote Code Execution via ALTER MODULE Statement
Title source: llmDescription
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
References (10)
Core 10
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683296
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94260
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58616
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69550
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681631
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60845
Scores
EPSS
0.0504
EPSS Percentile
91.3%
Details
CWE
CWE-119
Status
published
Products (23)
ibm/db2
9.7
ibm/db2
9.7.0.1
ibm/db2
9.7.0.2
ibm/db2
9.7.0.3
ibm/db2
9.7.0.4
ibm/db2
9.7.0.5
ibm/db2
9.7.0.6
ibm/db2
9.7.0.7
ibm/db2
9.7.0.8
ibm/db2
9.7.0.9 (2 CPE variants)
... and 13 more
Published
Sep 04, 2014
Tracked Since
Feb 18, 2026