CVE-2009-4325
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.5%
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite “external memory” via unknown vectors, related to a missing “check for null pointers.”
Affected configurations
References
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
secunia.com/advisories/37759
www-01.ibm.com/support/docview.wss?uid=swg1IC64702
www-01.ibm.com/support/docview.wss?uid=swg1LI72709
www-01.ibm.com/support/docview.wss?uid=swg1LI74500
www-01.ibm.com/support/docview.wss?uid=swg1LI74504
www-01.ibm.com/support/docview.wss?uid=swg21293566
www-01.ibm.com/support/docview.wss?uid=swg21412902
www.securityfocus.com/bid/37332
www.vupen.com/english/advisories/2009/3520
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.5%