Integer Overflow Vulnerability in IBM Informix Client SDK and Connect Runtime
CVE-2009-3691

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Client Sdk; Informix Connect Runtime
Vendor: CVE Published:; 13 October 2009

Summary

Multiple integer overflow vulnerabilities in setnet32.exe version 3.50.0.13752 within IBM Informix Client SDK and Connect Runtime can be exploited by remote attackers. By crafting a malicious .nfx file that manipulates HostSize, ProtoSize, and ServerSize fields, an attacker may trigger a stack-based buffer overflow through the HostList field, potentially allowing for arbitrary code execution on the target system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53644

vdb-entryx_refsource_XF

http://securitytracker.com/id?1022985

vdb-entryx_refsource_SECTRACK

http://retrogod.altervista.org/9sg_ibm_setnet32.html

x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 13, 2009
Vulnerability Reserved
Oct 13, 2009