CVE-2005-4869 - The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of serv

CVE-2005-4869

Summary

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

References

http://marc.info/?l=bugtraq&m=110495483501494&w=2
http://secunia.com/advisories/12733/
http://www.nextgenss.com/advisories/db205012005G.txt
http://www.securityfocus.com/bid/11400
http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781
https://exchange.xforce.ibmcloud.com/vulnerabilities/17614

Vulnerable Configurations

cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

aixapar	IY61781
bid	11400
bugtraq	20050105 IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)
misc	http://www.nextgenss.com/advisories/db205012005G.txt
secunia	12733
xf	db2-dts-string-conversion(17614)

Last major update

29-07-2017 - 01:29

Published

31-12-2005 - 05:00

Last modified

29-07-2017 - 01:29