CVE-2017-1297

moderate-risk

Published 2017-06-27

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42260

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

LOCAL / LOW complexity

Affected Products (20)

Data Server Client

Db2

Db2 Connect

Data Server Driver For Odbc And Cli

Data Server Driver Package

Data Server Runtime Client

Db2

Affected Vendors

Ibm

References (10)

Patch http://www.ibm.com/support/docview.wss?uid=swg22004878

Third Party Advisory http://www.securityfocus.com/bid/99271

http://www.securitytracker.com/id/1038772

Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/125159

https://www.exploit-db.com/exploits/42260/

Patch http://www.ibm.com/support/docview.wss?uid=swg22004878

Third Party Advisory http://www.securityfocus.com/bid/99271

http://www.securitytracker.com/id/1038772

Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/125159

https://www.exploit-db.com/exploits/42260/

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 23/34 · High