CVE-2008-1966

Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp4a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*

History

21 Nov 2024, 00:45

Type Values Removed Values Added
References () http://osvdb.org/46268 - () http://osvdb.org/46268 -
References () http://osvdb.org/46269 - () http://osvdb.org/46269 -
References () http://secunia.com/advisories/29022 - Vendor Advisory () http://secunia.com/advisories/29022 - Vendor Advisory
References () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512 - () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945 - () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496 - () http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg21255607 - () http://www-1.ibm.com/support/docview.wss?uid=swg21255607 -
References () http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml - () http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml -
References () http://www.securityfocus.com/archive/1/491071/100/0/threaded - () http://www.securityfocus.com/archive/1/491071/100/0/threaded -
References () http://www.securityfocus.com/bid/28835 - () http://www.securityfocus.com/bid/28835 -
References () http://www.securityfocus.com/bid/29601 - () http://www.securityfocus.com/bid/29601 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41955 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41955 -

Information

Published : 2008-04-27 18:05

Updated : 2024-11-21 00:45


NVD link : CVE-2008-1966

Mitre link : CVE-2008-1966

CVE.ORG link : CVE-2008-1966


JSON object : View

Products Affected

ibm

  • db2
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer