CVE-2014-3095

IBM DB2 9.5-10.5 - Authenticated Denial of Service via UNION Clause in Subquery

Title source: llm
STIX 2.1

Description

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.

References (11)

Core 11
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681623
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683297
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69546
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94263
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58725
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60845

Scores

EPSS 0.0212
EPSS Percentile 79.7%

Details

CWE
CWE-20
Status published
Products (34)
ibm/db2 9.5
ibm/db2 9.5.0.1
ibm/db2 9.5.0.2 (2 CPE variants)
ibm/db2 9.5.0.3 (3 CPE variants)
ibm/db2 9.5.0.4 (2 CPE variants)
ibm/db2 9.5.0.5
ibm/db2 9.5.0.6 a
ibm/db2 9.5.0.7
ibm/db2 9.5.0.8
ibm/db2 9.5.0.9
... and 24 more
Published Sep 04, 2014
Tracked Since Feb 18, 2026