Vulnerability Details: CVE-2017-1105
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2017-1105
- cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:data_server_runtime_client:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_driver_for_odbc_and_cli:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_client:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_driver_package:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1105
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2017-1105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P | 3.9 | 4.9 | NIST | |
7.1 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 | NIST | |
CWE ids for CVE-2017-1105
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1105
- http://www.securitytracker.com/id/1038773
  IBM DB2 Buffer Overflow Lets Local Users Overwrite DB2 Files and Deny Service - SecurityTracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/120668
  IBM DB2 denial of service CVE-2017-1105 Vulnerability Report [Vendor Advisory]
- http://www.securityfocus.com/bid/99264
  Multiple IBM DB2 CVE-2017-1105 Local Buffer Overflow Vulnerability [Third Party Advisory; VDB Entry]
- http://www.ibm.com/support/docview.wss?uid=swg22003877
  IBM Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105) [Patch; Vendor Advisory]