Lucene search

MitreCVE-2005-4870

HistoryOct 06, 2007 - 9:00 p.m.

CVE-2005-4870

2007-10-0621:00:00

CWE-119

mitre

web.nvd.nist.gov

ibm

db2

8.1

stack-based buffer overflows

remote code execution

security vulnerability

cve-2005-4870

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.

Affected configurations

Nvd

Node

ibmdb2Match8.1

VendorProductVersionCPE
ibmdb28.1cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	8.1	cpe:2.3:a:ibm:db2:8.1:::::::*

References

marc.info/?l=bugtraq&m=110495554227717&w=2

secunia.com/advisories/12733/

www-1.ibm.com/support/docview.wss?uid=swg1IY62297

www.nextgenss.com/advisories/db205012005H.txt

www.securityfocus.com/bid/11404

exchange.xforce.ibmcloud.com/vulnerabilities/17617

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Related for CVE-2005-4870