返回 CVE 浏览器

CVE-2007-3676

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1040%

EPSS Percentile0.15th

Published2008年2月13日

Last Modified2026年4月23日

Vulnerability Description

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

Affected Platforms (CPE)

📦

Ibm

Db2

<= 8.0

📦

Ibm

Db2

<= 9.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654

🔗 http://securitytracker.com/id?1019318

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654

🔗 http://securitytracker.com/id?1019318

相关漏洞威胁

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...