Vulnerability Description
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.7 |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/58616
- http://secunia.com/advisories/60845
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594
- http://www-01.ibm.com/support/docview.wss?uid=swg21681631PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21683296
- http://www.securityfocus.com/bid/69550
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94260
- http://secunia.com/advisories/58616
- http://secunia.com/advisories/60845
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593Vendor Advisory
FAQ
What is CVE-2014-3094?
CVE-2014-3094 is a vulnerability with a CVSS score of 8.5 (HIGH). Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code ...
How severe is CVE-2014-3094?
CVE-2014-3094 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3094?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2, Linux Linux Kernel, Microsoft Windows.