PT-2021-12290 · Ibm · Ibm Db2

Dijing Wang

Published

2021-03-11

Updated

2021-04-12

CVE-2020-5025

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5

Description The issue is caused by improper bounds checking, leading to a buffer overflow in the db2fm component. This could allow a local attacker to execute arbitrary code on the system with root privileges.

Recommendations For IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to the db2fm component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2020-5025

Affected Products

Ibm Db2

PT-2021-12290 · Ibm · Ibm Db2

CVE-2020-5025

Weakness Enumeration

Related Identifiers

Affected Products

References · 5