header-logo
Suggest Exploit
vendor:
IBM DB2
by:
7.5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: IBM DB2
Affected Version From:
Affected Version To:
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

IBM DB2 Denial of Service Vulnerability

IBM DB2 is prone to a denial of service vulnerability when DTS to string conversion is carried out. During a DTS to string conversion, a trap occurs if an empty formatting string is provided. The vulnerability is exposed in the 'to_char' and 'to_date' conversion functions.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11400/info

IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out.

It is reported that during a DTS to string conversion a trap occurs if an empty formatting string is provided. The vulnerability is exposed in the 'to_char' and 'to_date' conversion functions. 

select to_char('aaa','') from sysibm.sysdummy1
select to_date('aaa', '') from sysibm.sysdummy1

Navigation

Suggest Exploit

Services By CQR

cqrsecured