Vulnerability Description
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.5 |
Related Weaknesses (CWE)
References
- ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARL
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARL
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-3740?
CVE-2010-3740 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users ...
How severe is CVE-2010-3740?
CVE-2010-3740 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3740?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.