Denial of Service vulnerability in IBM DB2 software
CVE-2008-3858

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
28 August 2008

Summary

The Downlevel DB2RA Support component in IBM DB2 version 9.1 prior to Fixpak 4a is susceptible to a denial of service attack. By sending a specially crafted CONNECT data stream that mimics a V7 client connect request, attackers can trigger an instance crash, disrupting services and potentially affecting the availability of the database system. Organizations running an affected DB2 9.1 release should apply the latest patches so that the instance is no longer at a level prior to Fixpak 4a.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
