CVE-2008-3853

critical

Description

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45141

http://www.securityfocus.com/bid/29601

http://www-1.ibm.com/support/docview.wss?uid=swg21255607

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406

http://secunia.com/advisories/29784

Details

Source: Mitre, NVD

Published: 2008-08-28

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical