CVE-2006-3067

Name of the Vulnerable Software and Affected Versions IBM DB2 Universal Database (UDB) versions prior to 8.1 FixPak 12

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by exploiting a "long column list" in the REPLACE INTO and INSERT INTO portions of the LOAD command or by using a large number of values in an IN clause, which may be related to a buffer overflow.

Recommendations For versions prior to 8.1 FixPak 12, update to 8.1 FixPak 12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LOAD command with REPLACE INTO and INSERT INTO portions, and limit the number of values in IN clauses to minimize the risk of exploitation.