CVE-2009-1906

high

Description

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.

References

http://www.securityfocus.com/bid/35171

http://www-01.ibm.com/support/docview.wss?uid=swg21293566

http://secunia.com/advisories/35235

Details

Source: Mitre, NVD

Published: 2009-06-03

Updated: 2009-06-10

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High