PT-2012-3874 · Ibm · Ibm Db2

Published

2012-07-25

Updated

2017-12-22

CVE-2012-2197

CVSS v2.0

7.1

High

Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.1 before FP12 IBM DB2 versions 9.5 through FP9 IBM DB2 versions 9.7 through FP6 IBM DB2 versions 9.8 through FP5 IBM DB2 versions 10.1

Description The issue is related to a stack-based buffer overflow in the Java Stored Procedure infrastructure. This allows remote authenticated users with certain CONNECT and EXECUTE privileges to execute arbitrary code.

Recommendations For IBM DB2 version 9.1, update to FP12 or later. For IBM DB2 version 9.5, update to FP10 or later. For IBM DB2 version 9.7, update to FP7 or later. For IBM DB2 version 9.8, update to FP6 or later. For IBM DB2 version 10.1, update to a version that includes the fix for this issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2012-2197

Affected Products

Ibm Db2

PT-2012-3874 · Ibm · Ibm Db2

CVE-2012-2197

Weakness Enumeration

Related Identifiers

Affected Products

References · 9