PT-2006-7240 · IBM · Db2

Published: 2006-12-19 · Updated: 2008-09-05 · CVE-2006-6638

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1 before FixPak 14

Description: The issue allows remote attackers to cause a denial of service via a crafted SQLJRA packet. This packet causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL.

Recommendations: For IBM DB2 version 8.1, apply FixPak 14 to resolve the issue. As a temporary workaround, consider restricting access to the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL until the fix is applied.

Fix

Related Identifiers

CVE-2006-6638

Affected Products

Db2