PT-2014-5086 · Ibm · Ibm Db2
Published
2014-09-04
·
Updated
2017-08-29
·
CVE-2014-3095
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.5 through FP10
IBM DB2 versions 9.7 through FP9a
IBM DB2 versions 9.8 through FP5
IBM DB2 versions 10.1 through FP4
IBM DB2 versions 10.5 before FP4
Description
The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This can be achieved by using a crafted UNION clause in a subquery of a SELECT statement.
Recommendations
For IBM DB2 versions 9.5 through FP10, update to a version after FP10 to resolve the issue.
For IBM DB2 versions 9.7 through FP9a, update to a version after FP9a to resolve the issue.
For IBM DB2 versions 9.8 through FP5, update to a version after FP5 to resolve the issue.
For IBM DB2 versions 10.1 through FP4, update to a version after FP4 to resolve the issue.
For IBM DB2 versions 10.5 before FP4, update to FP4 or later to resolve the issue.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2