Vulnerability Name: CVE-2010-3740 (CCN-62336)
Assigned: 2010-09-09
Published: 2010-09-09
Updated: 2017-09-19
Summary: The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.
CVSS v3 Severity:
3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CONFIRM Type: UNKNOWN ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
Source: MITRE Type: CNA CVE-2010-3740
Source: AIXAPAR Type: Vendor Advisory IC66613
Source: CCN Type: IBM APAR IC66613 DB2EXT.TEXTSEARCH(FUZZY FORM OF 80 "99????8" CAUSES LARGE AMOUNTS OF MEMORY TO BE ALLOCATED BUT NOT FREED
Source: CCN Type: OSVDB ID: 68410 IBM DB2 UDB Text Search Component Net Search Extender (NSE) Fuzzy Search db2ext.textSearch Function Remote DoS
Source: XF Type: UNKNOWN ibm-db2-net-search-dos(62336)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:13811
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable