Vulnerability Details : CVE-2014-3095
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-3095
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:10.1.0.3:a:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ibm:db2:9.5.0.10:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2014-3095
- EPSS score: 14.19% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-3095
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P | 6.8 | 2.9 | NIST | |
CWE ids for CVE-2014-3095
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3095
- http://www-01.ibm.com/support/docview.wss?uid=swg21681623
  IBM Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with a subquery containing a UNION (CVE-2014-3095) [Patch; Vendor Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
  IBM IT02645: SECURITY: DB2 contains a denial of service vulnerability in SQL Compiler (CVE-2014-3095)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433
  IBM IT02433: SECURITY: DB2 contains a denial of service vulnerability in SQL Compiler (CVE-2014-3095) [Vendor Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646
  IBM IT02646: SECURITY: DB2 contains a denial of service vulnerability in SQL Compiler (CVE-2014-3095)
- http://www-01.ibm.com/support/docview.wss?uid=swg21683297
  IBM Security Bulletin: IBM® InfoSphere Balanced Warehouse, IBM Smart Analytics System and IBM PureData System for Operational Analytics are affected by an IBM DB2® LUW denial of service vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94263
  IBM DB2 SELECT denial of service CVE-2014-3095 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644
- http://secunia.com/advisories/58725
- http://www.securityfocus.com/bid/69546
  Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability