nvd
NVD:CVE-2023-35012
History: Jul 17, 2023 - 1:15 a.m.

CVE-2023-35012

2023-07-17 01:15:08
CWE: CWE-119, CWE-787
Source: web.nvd.nist.gov
Tags: ibm, db2, linux, unix, windows, buffer overflow, security vulnerability, bounds checking, x-force, arbitrary code execution

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.

Affected configurations

NVD
Node
ibm db2 Match 11.5-
AND
ibm aix Match -
OR
linux linux_kernel Match -
OR
microsoft windows Match -
