CVE-2008-3853

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
ibmdb2_universal_database
9.1
ibmdb2_universal_database
9.1
ibmdb2_universal_database
9.1
ibmdb2_universal_database
9.1
ibmdb2_universal_database
9.1:fp2
ibmdb2_universal_database
9.1:fp2
ibmdb2_universal_database
9.1:fp2
ibmdb2_universal_database
9.1:fp2
ibmdb2_universal_database
9.1:fp3
ibmdb2_universal_database
9.1:fp3
ibmdb2_universal_database
9.1:fp3
ibmdb2_universal_database
9.1:fp3
ibmdb2_universal_database
9.1:fp4
ibmdb2_universal_database
9.1:fp4
ibmdb2_universal_database
9.1:fp4
ibmdb2_universal_database
9.1:fp4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/29784
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/29601
https://exchange.xforce.ibmcloud.com/vulnerabilities/45141
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/29784
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/29601
https://exchange.xforce.ibmcloud.com/vulnerabilities/45141