Main Vulnerability Database SB2012120801

SB2012120801 - Buffer overflow in IBM Informix Dynamic Server

Published: December 8, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012120801

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2012-4857)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote #AU# to execute arbitrary code.

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

Remediation

Install update from vendor's website.

References

http://www.securitytracker.com/id?1027849
https://exchange.xforce.ibmcloud.com/vulnerabilities/79737
https://www.ibm.com/support/docview.wss?uid=swg21618994