CVE-2017-1297

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
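
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | NIST | 7.3 HIGH | LOCAL | LOW | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| ibm | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |
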
EPSS Score percentile: 49%
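
| Vendor | Product | Version |
| --- | --- | --- |
| ibm | data_server_client | - |
| ibm | data_server_driver_for_odbc_and_cli | - |
| ibm | data_server_driver_package | - |
| ibm | data_server_runtime_client | - |
| ibm | db2 | 9.7 |
| ibm | db2 | 9.7 |
| ibm | db2 | 9.7 |
| ibm | db2 | 9.7 |
| ibm | db2 | 9.7 |
| ibm | db2 | 10.1 |
| ibm | db2 | 10.1 |
| ibm | db2 | 10.1 |
| ibm | db2 | 10.1 |
| ibm | db2 | 10.1 |
| ibm | db2 | 10.5 |
| ibm | db2 | 10.5 |
| ibm | db2 | 10.5 |
| ibm | db2 | 10.5 |
| ibm | db2 | 10.5 |
| ibm | db2 | 11.1 |
| ibm | db2 | 11.1 |
| ibm | db2 | 11.1 |
| ibm | db2 | 11.1 |
| ibm | db2 | 11.1 |
| ibm | db2_connect | 9.7 |
| ibm | db2_connect | 9.7 |
| ibm | db2_connect | 9.7 |
| ibm | db2_connect | 10.1 |
| ibm | db2_connect | 10.1 |
| ibm | db2_connect | 10.1 |
| ibm | db2_connect | 10.5 |
| ibm | db2_connect | 10.5 |
| ibm | db2_connect | 10.5 |
| ibm | db2_connect | 11.1.0.0 |
| ibm | db2_connect | 11.1.0.0 |
| ibm | db2_connect | 11.1.0.0 |
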
𝑥 = Vulnerable software versions