Vulnerability Description
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 8.2 |
Related Weaknesses (CWE)
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APAPatch
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APA
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APA
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APA
- http://secunia.com/advisories/37759Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709ExploitVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500ExploitVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520Vendor Advisory
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APAPatch
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APA
FAQ
What is CVE-2009-4325?
CVE-2009-4325 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external m...
How severe is CVE-2009-4325?
CVE-2009-4325 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4325?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.