Format String Vulnerability in IBM solidDB by IBM
CVE-2008-1705

Currently unrated

Key Information:

Vendor: IBM
Status: Soliddb
Vendor: CVE Published:; 9 April 2008

Summary

A format string vulnerability exists in the logging function of IBM solidDB versions 06.00.1018 and prior. This flaw allows remote attackers to leverage crafted format string specifiers in various fields, including the user name and peer name, potentially leading to the execution of arbitrary code on the affected system. Proper validation and sanitization of input data are recommended to mitigate such vulnerabilities.

References

http://aluigi.org/poc/soliduro.zip

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/41485

vdb-entryx_refsource_XF

http://secunia.com/advisories/29512

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 9, 2008
Vulnerability Reserved
Apr 9, 2008