Lucene search

[email protected]NVD:CVE-2005-4870

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4870

2005-12-3105:00:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.021

Percentile

89.4%

JSON

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.

Affected configurations

Nvd

Node

ibmdb2Match8.1

VendorProductVersionCPE
ibmdb28.1cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	8.1	cpe:2.3:a:ibm:db2:8.1:::::::*

References

marc.info/?l=bugtraq&m=110495554227717&w=2

secunia.com/advisories/12733/

www-1.ibm.com/support/docview.wss?uid=swg1IY62297

www.nextgenss.com/advisories/db205012005H.txt

www.securityfocus.com/bid/11404

exchange.xforce.ibmcloud.com/vulnerabilities/17617

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.021

Percentile

89.4%

JSON

Related for NVD:CVE-2005-4870

cvelist1 cve1 nessus1