Total vulnerabilities in the database
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
| Software | From | Fixed in |
|---|---|---|
| ibm / db2 | 8.0 | 8.0.x |
| ibm / db2 | 8.0-fp11 | 8.0-fp11.x |
| ibm / db2 | 8.0-fp3 | 8.0-fp3.x |
| ibm / db2 | 8.0-fp10 | 8.0-fp10.x |
| ibm / db2 | 8.0-fp9 | 8.0-fp9.x |
| ibm / db2 | 8.0-fp7b | 8.0-fp7b.x |
| ibm / db2 | 8.0-fp6a | 8.0-fp6a.x |
| ibm / db2 | 8.0-fp9a | 8.0-fp9a.x |
| ibm / db2 | 8.0-fp4 | 8.0-fp4.x |
| ibm / db2 | 8.0-fp7a | 8.0-fp7a.x |
| ibm / db2 | 8.0-fp6 | 8.0-fp6.x |
| ibm / db2 | 8.0-fp8 | 8.0-fp8.x |
| ibm / db2 | 8.0-fp14 | 8.0-fp14.x |
| ibm / db2 | 8.0-fp2 | 8.0-fp2.x |
| ibm / db2 | 8.0-fp1 | 8.0-fp1.x |
| ibm / db2 | 8.0-fp4a | 8.0-fp4a.x |
| ibm / db2 | 8.0-fp5 | 8.0-fp5.x |
| ibm / db2 | 8.0-fp6c | 8.0-fp6c.x |
| ibm / db2 | 8.0-fp13 | 8.0-fp13.x |
| ibm / db2 | 8.0-fp8a | 8.0-fp8a.x |
| ibm / db2 | 8.0-fp12 | 8.0-fp12.x |
| ibm / db2 | 8.0-fp6b | 8.0-fp6b.x |
| ibm / db2 | 8.0-fp15 | 8.0-fp15.x |
| ibm / db2 | 8.0-fp7 | 8.0-fp7.x |
| ibm / db2 | 9.5 | 9.5.x |
| ibm / db2 | 9.1-fp4 | 9.1-fp4.x |
| ibm / db2 | 9.1-fp1 | 9.1-fp1.x |
| ibm / db2 | 9.1 | 9.1.x |
| ibm / db2 | 9.1-fp3 | 9.1-fp3.x |
| ibm / db2 | 9.1-fp3a | 9.1-fp3a.x |
| ibm / db2 | 9.1-fp2a | 9.1-fp2a.x |
| ibm / db2 | 9.1-fp2 | 9.1-fp2.x |