Vulnerability Details : CVE-2010-0462
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
Vulnerability category: Overflow
Products affected by CVE-2010-0462
- cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*
Threat overview for CVE-2010-0462
Top countries where our scanners detected CVE-2010-0462
Top open port discovered on systems with this issue
523
IPs affected by CVE-2010-0462 41
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-0462!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-0462
13.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0462
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2010-0462
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0462
-
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
IBM notice: The page you requested cannot be displayed
-
http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html
intevydis security researchExploit
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933
IBM IC65933: SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462).
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/55899
IBM DB2 SYSIBM buffer overflow CVE-2010-0462 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935
IBM IC65935: SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462).
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518
Repository / Oval Repository
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922
IBM IC65922: SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)
-
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
-
http://securitytracker.com/id?1023509
IBM DB2 Heap Overflow in Processing SELECT Statements Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/37976
IBM DB2 'REPEAT()' Heap Buffer Overflow VulnerabilityExploit
Jump to