CVE-2006-6638

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

Published: Dec 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6638
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / db2_universal_database	8.1.4	8.1.4.x
ibm / db2_universal_database	8.1.6	8.1.6.x
ibm / db2_universal_database	8.1	8.1.x
ibm / db2_universal_database	8.10	8.10.x
ibm / db2_universal_database	8.1.8a	8.1.8a.x
ibm / db2_universal_database	8.1.6c	8.1.6c.x
ibm / db2_universal_database	8.1.8	8.1.8.x
ibm / db2_universal_database	8.1.7b	8.1.7b.x
ibm / db2_universal_database	8.1.5	8.1.5.x
ibm / db2_universal_database	8.1.7	8.1.7.x
ibm / db2_universal_database	8.1.9a	8.1.9a.x
ibm / db2_universal_database	8.1.9	8.1.9.x
ibm / db2_universal_database	8.12	8.12.x

Vulnerability Database

289,697

CVE-2006-6638