exploitDog

GHSA-946w-fc5x-gqqm

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).

Ссылки

EPSS

Процентиль: 25%

0.00084

Низкий

CVE ID

Дефекты

CWE-134

Связанные уязвимости

CVE-2007-4273

nvd

больше 18 лет назад

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).

EPSS

Процентиль: 25%

0.00084

Низкий

CVE ID

Дефекты

CWE-134