CVE-2017-1297

Published: 27/06/2017 Updated: 12/08/2017
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 445
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local malicious user to execute arbitrary code. IBM X-Force ID: 125159.

Vulnerable Product

ibm data server client -

ibm data server driver for odbc and cli -

ibm data server driver package -

ibm data server runtime client -

ibm db2 9.7

ibm db2 10.1

ibm db2 10.5

ibm db2 11.1

ibm db2 connect 9.7

ibm db2 connect 10.1

ibm db2 connect 10.5

ibm db2 connect 11.1.0.0

Exploits

'''
DefenseCode Security Advisory
IBM DB2 Command Line Processor Buffer Overflow

Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Advisory URL: www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Software: IBM DB2
Version: V9.7, V10.1, V10.5 and V11.1 on ...