Lucene search

MitreCVE-2009-4325

HistoryDec 16, 2009 - 6:30 p.m.

CVE-2009-4325

2009-12-1618:30:00

CWE-20

mitre

web.nvd.nist.gov

ibm

db2

cve-2009-4325

vulnerability

client interfaces

pointer validation

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.7%

JSON

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite “external memory” via unknown vectors, related to a missing “check for null pointers.”

Affected configurations

Nvd

Node

ibmdb2Match8.2

ibmdb2Match8.2fp1

ibmdb2Match8.2fp10

ibmdb2Match8.2fp11

ibmdb2Match8.2fp12

ibmdb2Match8.2fp13

ibmdb2Match8.2fp14

ibmdb2Match8.2fp15

ibmdb2Match8.2fp16

ibmdb2Match8.2fp17

ibmdb2Match8.2fp2

ibmdb2Match8.2fp3

ibmdb2Match8.2fp4

ibmdb2Match8.2fp5

ibmdb2Match8.2fp6

ibmdb2Match8.2fp7

ibmdb2Match8.2fp8

ibmdb2Match8.2fp9

ibmdb2Match9.1

ibmdb2Match9.1fp1

ibmdb2Match9.1fp2

ibmdb2Match9.1fp3

ibmdb2Match9.1fp3a

ibmdb2Match9.1fp4

ibmdb2Match9.1fp4a

ibmdb2Match9.1fp5

ibmdb2Match9.1fp6

ibmdb2Match9.1fp6a

ibmdb2Match9.1fp7

ibmdb2Match9.5

ibmdb2Match9.5fp1

ibmdb2Match9.5fp2

ibmdb2Match9.5fp2a

ibmdb2Match9.5fp3

ibmdb2Match9.5fp3a

ibmdb2Match9.5fp3b

ibmdb2Match9.7

VendorProductVersionCPE
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*
ibmdb28.2cpe:2.3:a:ibm:db2:8.2:fp17:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:::::::*
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp1::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp10::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp11::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp12::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp13::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp14::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp15::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp16::::::
ibm	db2	8.2	cpe:2.3:a:ibm:db2:8.2:fp17::::::

Rows per page:

1-10 of 371

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT

secunia.com/advisories/37759

www-01.ibm.com/support/docview.wss?uid=swg1IC64702

www-01.ibm.com/support/docview.wss?uid=swg1LI72709

www-01.ibm.com/support/docview.wss?uid=swg1LI74500

www-01.ibm.com/support/docview.wss?uid=swg1LI74504

www-01.ibm.com/support/docview.wss?uid=swg21293566

www-01.ibm.com/support/docview.wss?uid=swg21412902

www.securityfocus.com/bid/37332

www.vupen.com/english/advisories/2009/3520

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.7%

JSON

Related for CVE-2009-4325