Buffer Overflow Vulnerability in IBM Informix Dynamic Server
CVE-2006-3854
Currently unrated
Summary
A buffer overflow vulnerability exists in IBM Informix Dynamic Server when handling excessively long usernames. The overflow occurs in a call to the vsprintf function while the server processes error messages during its operation. Attackers can exploit this flaw remotely, potentially enabling the execution of arbitrary code on the affected system. The vulnerability is particularly relevant for versions 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5 running on Windows. This issue stems from an incomplete fix for a prior vulnerability.
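The bug class described in the summary, shown from the mitigation side as an added example (not IBM's code): an error-message formatter that bounds its write with vsnprintf and rejects over-long usernames before formatting. The function names, buffer size and username limit are assumptions chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 32   /* assumed policy limit, not an Informix value */
#define ERRMSG_MAX   128  /* assumed size of the error-message buffer */

/* The unsafe pattern is vsprintf(dst, fmt, ap): it writes however many bytes
 * the arguments expand to, so a long username runs past the end of dst.
 * This wrapper bounds the write. Returns 0 = fit, 1 = truncated, -1 = error. */
static int format_error(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstlen, fmt, ap);   /* never writes more than dstlen */
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstlen ? 1 : 0;
}

/* Hypothetical login-failure handler. Returns 0 when the name was logged,
 * 2 when it was rejected as over-long, 1 or -1 as format_error does. */
static int report_login_failure(const char *user, char *out, size_t outlen)
{
    size_t len = 0;

    if (user == NULL)
        return -1;
    while (len <= USERNAME_MAX && user[len] != '\0')  /* bounded length scan */
        len++;
    if (len > USERNAME_MAX) {
        int rc = format_error(out, outlen,
                              "login failed: username over %d bytes", USERNAME_MAX);
        return rc == 0 ? 2 : rc;
    }
    return format_error(out, outlen, "login failed for user '%s'", user);
}

int main(void)
{
    char msg[ERRMSG_MAX];
    int rc = report_login_failure("alice", msg, sizeof msg);
    printf("%d: %s\n", rc, msg);
    return 0;
}
```

Checking the truncation return value matters as much as the bound itself: a silently truncated message can hide the fact that oversized input reached the formatter.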
EPSS Score
7% chance of being exploited in the next 30 days.