CVE-2009-3470
First published: Tue Sep 29 2009(Updated: )
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix Dynamic Database Server | =11.50.xc1 | |
| IBM Informix Dynamic Database Server | =11.50 | |
| IBM Informix Dynamic Database Server | =11.10 | |
| IBM Informix Dynamic Database Server | =10.00.xc3 | |
| IBM Informix Dynamic Database Server | =10.00.xc9 | |
| IBM Informix Dynamic Database Server | =10.00.xc6 | |
| IBM Informix Dynamic Database Server | =10.00.xc1 | |
| IBM Informix Dynamic Database Server | =10.00.xc4 | |
| IBM Informix Dynamic Database Server | =11.10.xc1 | |
| IBM Informix Dynamic Database Server | =10.00.xc10 | |
| IBM Informix Dynamic Database Server | =11.50.xc3 | |
| IBM Informix Dynamic Database Server | =10.0 | |
| IBM Informix Dynamic Database Server | =11.50.xc4 | |
| IBM Informix Dynamic Database Server | =10.00.xc2 | |
| IBM Informix Dynamic Database Server | =10.00.xc8 | |
| IBM Informix Dynamic Database Server | =10.00.xc5 | |
| IBM Informix Dynamic Database Server | =11.10.xc2 | |
| IBM Informix Dynamic Database Server | =11.10.xc3 | |
| IBM Informix Dynamic Database Server | =11.50.xc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3470?
CVE-2009-3470 has a severity rating that suggests it can lead to denial of service through memory corruption and daemon crash.
How do I fix CVE-2009-3470?
To fix CVE-2009-3470, upgrade to IBM Informix Dynamic Server version 10.00.xC11, 11.10.xC4, or 11.50.xC5 or later.
What versions are affected by CVE-2009-3470?
CVE-2009-3470 affects IBM Informix Dynamic Server versions 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5.
Is CVE-2009-3470 related to JDBC connections?
Yes, CVE-2009-3470 allows attackers to exploit a vulnerability over a JDBC connection by sending a long password.
What are the potential impacts of CVE-2009-3470?
The potential impacts of CVE-2009-3470 include application crashes and denial of service, affecting the availability of the database.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm informix dynamic database server
- version/ibm informix dynamic database server/11.50.xc1
- version/ibm informix dynamic database server/11.50
- version/ibm informix dynamic database server/11.10
- version/ibm informix dynamic database server/10.00.xc3
- version/ibm informix dynamic database server/10.00.xc9
- version/ibm informix dynamic database server/10.00.xc6
- version/ibm informix dynamic database server/10.00.xc1
- version/ibm informix dynamic database server/10.00.xc4
- version/ibm informix dynamic database server/11.10.xc1
- version/ibm informix dynamic database server/10.00.xc10
- version/ibm informix dynamic database server/11.50.xc3
- version/ibm informix dynamic database server/10.0
- version/ibm informix dynamic database server/11.50.xc4
- version/ibm informix dynamic database server/10.00.xc2
- version/ibm informix dynamic database server/10.00.xc8
- version/ibm informix dynamic database server/10.00.xc5
- version/ibm informix dynamic database server/11.10.xc2
- version/ibm informix dynamic database server/11.10.xc3
- version/ibm informix dynamic database server/11.50.xc2