Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2009-1906

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.

  • Published: Jun 3, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-1906
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Software From Fixed in
ibm / db2 9.1-fp4 9.1-fp4.x
ibm / db2 9.1-fp6a 9.1-fp6a.x
ibm / db2 9.1-fp1 9.1-fp1.x
ibm / db2 9.1-fp5 9.1-fp5.x
ibm / db2 9.5-fp1 9.5-fp1.x
ibm / db2 9.1-fp3 9.1-fp3.x
ibm / db2 9.1-fp3a 9.1-fp3a.x
ibm / db2 9.1-fp6 9.1-fp6.x
ibm / db2 9.1-fp2 9.1-fp2.x
ibm / db2 9.1-fp4a 9.1-fp4a.x
ibm / db2 9.5-fp2 9.5-fp2.x
ibm / db2 9.5-fp3 9.5-fp3.x