Buffer Overflow Vulnerability in IBM DB2 Product
CVE-2008-3854
Currently unrated
What is CVE-2008-3854?
IBM DB2 9.1 prior to Fixpak 5 and 9.5 prior to Fixpak 1 contain multiple stack-based buffer overflows that remote attackers can exploit through XQuery statements and associated functions. This can lead to service disruptions, impacting database availability and integrity. Specifically, the overflows arise in the handling of the XMLQUERY, XMLEXISTS and XMLTABLE statements and in the sqlrlaka function, allowing for potential system outages.