Vulnerability Description
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.5 |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/58725
- http://secunia.com/advisories/60845
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646
- http://www-01.ibm.com/support/docview.wss?uid=swg21681623PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21683297
- http://www.securityfocus.com/bid/69546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94263
- http://secunia.com/advisories/58725
- http://secunia.com/advisories/60845
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
FAQ
What is CVE-2014-3095?
CVE-2014-3095 is a vulnerability with a CVSS score of 3.5 (LOW). The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of ...
How severe is CVE-2014-3095?
CVE-2014-3095 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3095?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2, Linux Linux Kernel, Microsoft Windows.