CVE-2023-28527

Published: Dec 9, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

Affected (3)

Products: Ibm: Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data

Ibm

2 products

Informix Dynamic Server

Informix Dynamic Server On Cloud Pak For Data

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Informix Dynamic Server	Version 12.10
Ibm Informix Dynamic Server	Version 14.10
Ibm Informix Dynamic Server On Cloud Pak For Data	All versions

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/251206

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7070188

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/251206

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7070188

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.