CVE-2007-2582

critical

Description

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34184

http://www.zerodayinitiative.com/advisories/ZDI-07-056.html

http://www.vupen.com/english/advisories/2007/1707

http://www.securitytracker.com/id?1018801

http://www.securitytracker.com/id?1018029

http://www.securityfocus.com/bid/26010

http://www.securityfocus.com/bid/23890

http://www.securityfocus.com/archive/1/482024/100/0/threaded

http://www-1.ibm.com/support/search.wss?rs=0&q=IY97750&apar=only

http://secunia.com/advisories/25148

http://osvdb.org/40975

http://osvdb.org/40973

Details

Source: Mitre, NVD

Published: 2007-05-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical