CVE-2009-4327

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://secunia.com/advisories/37759	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772
http://www-01.ibm.com/support/docview.wss?uid=swg21293566	Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21412902	Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520	Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://secunia.com/advisories/37759	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772
http://www-01.ibm.com/support/docview.wss?uid=swg21293566	Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21412902	Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.5:fp1::::::
	cpe:2.3:a:ibm:db2:9.5:fp2::::::
	cpe:2.3:a:ibm:db2:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3::::::
	cpe:2.3:a:ibm:db2:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2:9.7:::::::*

History

21 Nov 2024, 01:09

Type	Values Removed	Values Added
References	~~() ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT -~~	() ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT -
References	~~() ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT -~~	() ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT -
References	~~() http://secunia.com/advisories/37759 - Vendor Advisory~~	() http://secunia.com/advisories/37759 - Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21293566 - Patch~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21293566 - Patch
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21412902 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21412902 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/37332 -~~	() http://www.securityfocus.com/bid/37332 -
References	~~() http://www.vupen.com/english/advisories/2009/3520 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/3520 - Vendor Advisory

Information

Published : 2009-12-16 18:30

Updated : 2024-11-21 01:09

NVD link : CVE-2009-4327

Mitre link : CVE-2009-4327

CVE.ORG link : CVE-2009-4327

JSON object : View

Products Affected

ibm

CWE

CWE-20

Improper Input Validation

5.0 /10