CVE-2009-3691

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Client Sdk; Informix Connect Runtime
Vendor: CVE Published:; 13 October 2009

Summary

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53644

vdb-entryx_refsource_XF

http://securitytracker.com/id?1022985

vdb-entryx_refsource_SECTRACK

http://retrogod.altervista.org/9sg_ibm_setnet32.html

x_refsource_MISC

EPSS Score

84% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 13, 2009
Vulnerability Reserved
Oct 13, 2009