← Back

CVE-2010-3740

nvd nist
Published: Oct 5, 2010Modified: Apr 29, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:L/Au:S/C:N/I:N/A:P
Exploitability: 8.0 / Impact: 2.9
Source: NVD

Description

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.

Affected (10)

Products: Ibm: Db2
Ibm
1 product
Db2
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Db2
Version 9.5
Db2
Version 9.5 fp1
Db2
Version 9.5 fp2
Db2
Version 9.5 fp2a
Db2
Version 9.5 fp3
Db2
Version 9.5 fp3a
Db2
Version 9.5 fp3b
Db2
Version 9.5 fp4
Db2
Version 9.5 fp4a
Db2
Version 9.5 fp5

Related CWEs

CWE-399
CWE-399

References (6)

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.