8 matches found
CVE-2019-4523
CVE-2019-4523 affects IBM DB2 High Performance Unload load for LUW 6.1 and 6.5. Root cause: a buffer overflow due to improper bounds checking, enabling a local user to run code with root privileges. IBM bulletin shows fixes: Interim Fixes 6.1.0.3.6 (for 6.1) and 6.5.0.0.1 (for 6.5); follow remedi...
CVE-2019-4448
CVE-2019-4448 affects IBM DB2 High Performance Unload (HPU) load for LUW. The vulnerable binaries db2hpum and db2hpum_debug are setuid root and provide built-in options to load arbitrary libraries from a privileged context, enabling a low-privilege user to execute arbitrary code with root authori...
CVE-2019-4447
CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...
CVE-2019-4606
CVE-2019-4606 affects IBM DB2 High Performance Unload for LUW versions 6.1 and 6.5. The vulnerability is an untrusted search path issue that could allow a local attacker to execute arbitrary code by using an executable file. IBM and related advisories describe impact as local code execution with ...
CVE-2025-33132
IBM DB2 High Performance Unload is affected by CVE-2025-33132. A authenticated user could cause the program to crash due to incorrect calculation of the size of the data being pointed to. Affected versions include 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1. The vulnerability is...
CVE-2025-33126
IBM Db2 High Performance Unload is affected by CVE-2025-33126 due to an incorrect calculation of a buffer size, which could allow an authenticated user to cause the program to crash. Affected versions include 5.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, 6.5.0.0 and their IF1 variants (and 6.1.0.1, 6...
CVE-2025-33133
CVE-2025-33133 affects IBM DB2 High Performance Unload and can allow an authenticated user to crash the program due to an out-of-bounds write. Affected versions include 5.1, 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1. The IBM security bulletin confirms the issue and lists the C...
CVE-2025-33131
IBM Db2 High Performance Unload (versions 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, 6.5.0.0 IF1, and 5.1) is affected by CVE-2025-33131 where an authenticated user could crash the program due to a buffer being overwritten on the stack. The IBM advisory attributes the issue to a stack-allocate...