What is the severity of CVE-2019-4154?

CVE-2019-4154 is classified as a critical vulnerability due to its potential to allow an authenticated local attacker to execute arbitrary code as root.

How do I fix CVE-2019-4154?

To fix CVE-2019-4154, users should update their IBM DB2 installations to the latest patched version provided by IBM.

What versions of IBM DB2 are affected by CVE-2019-4154?

CVE-2019-4154 affects IBM DB2 versions 9.7, 10.1, 10.5, and 11.1.

Is user authentication required to exploit CVE-2019-4154?

Yes, an attacker must be authenticated locally to exploit CVE-2019-4154.

Vulnerability/
CVE-2019-4154

high

8.4

CWE

119

1/7/2019

17/9/2024

CVE-2019-4154: Buffer Overflow

First published: Mon Jul 01 2019(Updated: )

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM DB2 Universal Database	=9.7.0.0
IBM DB2 Universal Database	=9.7.0.1
IBM DB2 Universal Database	=9.7.0.2
IBM DB2 Universal Database	=9.7.0.3
IBM DB2 Universal Database	=9.7.0.4
IBM DB2 Universal Database	=9.7.0.5
IBM DB2 Universal Database	=9.7.0.6
IBM DB2 Universal Database	=9.7.0.7
IBM DB2 Universal Database	=9.7.0.8
IBM DB2 Universal Database	=9.7.0.9
IBM DB2 Universal Database	=9.7.0.10
IBM DB2 Universal Database	=9.7.0.11
IBM DB2 Universal Database	=10.1.0.0
IBM DB2 Universal Database	=10.1.0.1
IBM DB2 Universal Database	=10.1.0.2
IBM DB2 Universal Database	=10.1.0.3
IBM DB2 Universal Database	=10.1.0.4
IBM DB2 Universal Database	=10.1.0.5
IBM DB2 Universal Database	=10.1.0.6
IBM DB2 Universal Database	=10.5.0.0
IBM DB2 Universal Database	=10.5.0.1
IBM DB2 Universal Database	=10.5.0.2
IBM DB2 Universal Database	=10.5.0.3
IBM DB2 Universal Database	=10.5.0.4
IBM DB2 Universal Database	=10.5.0.5
IBM DB2 Universal Database	=10.5.0.6
IBM DB2 Universal Database	=10.5.0.7
IBM DB2 Universal Database	=10.5.0.8
IBM DB2 Universal Database	=10.5.0.9
IBM DB2 Universal Database	=10.5.0.10
IBM DB2 Universal Database	=11.1.0.0
IBM DB2 Universal Database	=11.1.1.1
IBM DB2 Universal Database	=11.1.2.2
IBM DB2 Universal Database	=11.1.3.3
IBM DB2 Universal Database	=11.1.4.4
HPE HP-UX
IBM AIX
Linux Kernel
Oracle Solaris and Zettabyte File System (ZFS)

Remedy

https://www.ibm.com/support/docview.wss?uid=ibm10880737

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-4154?
CVE-2019-4154 is classified as a critical vulnerability due to its potential to allow an authenticated local attacker to execute arbitrary code as root.
How do I fix CVE-2019-4154?
To fix CVE-2019-4154, users should update their IBM DB2 installations to the latest patched version provided by IBM.
What versions of IBM DB2 are affected by CVE-2019-4154?
CVE-2019-4154 affects IBM DB2 versions 9.7, 10.1, 10.5, and 11.1.
What kind of attack can CVE-2019-4154 allow?
CVE-2019-4154 can allow an authenticated local attacker to execute arbitrary code on the system, potentially compromising system integrity.
Is user authentication required to exploit CVE-2019-4154?
Yes, an attacker must be authenticated locally to exploit CVE-2019-4154.

agent/type
agent/references
agent/severity
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm db2 universal database
version/ibm db2 universal database/9.7.0.0
version/ibm db2 universal database/9.7.0.1
version/ibm db2 universal database/9.7.0.2
version/ibm db2 universal database/9.7.0.3
version/ibm db2 universal database/9.7.0.4
version/ibm db2 universal database/9.7.0.5
version/ibm db2 universal database/9.7.0.6
version/ibm db2 universal database/9.7.0.7
version/ibm db2 universal database/9.7.0.8
version/ibm db2 universal database/9.7.0.9
version/ibm db2 universal database/9.7.0.10
version/ibm db2 universal database/9.7.0.11
version/ibm db2 universal database/10.1.0.0
version/ibm db2 universal database/10.1.0.1
version/ibm db2 universal database/10.1.0.2
version/ibm db2 universal database/10.1.0.3
version/ibm db2 universal database/10.1.0.4
version/ibm db2 universal database/10.1.0.5
version/ibm db2 universal database/10.1.0.6
version/ibm db2 universal database/10.5.0.0
version/ibm db2 universal database/10.5.0.1
version/ibm db2 universal database/10.5.0.2
version/ibm db2 universal database/10.5.0.3
version/ibm db2 universal database/10.5.0.4
version/ibm db2 universal database/10.5.0.5
version/ibm db2 universal database/10.5.0.6
version/ibm db2 universal database/10.5.0.7
version/ibm db2 universal database/10.5.0.8
version/ibm db2 universal database/10.5.0.9
version/ibm db2 universal database/10.5.0.10
version/ibm db2 universal database/11.1.0.0
version/ibm db2 universal database/11.1.1.1
version/ibm db2 universal database/11.1.2.2
version/ibm db2 universal database/11.1.3.3
version/ibm db2 universal database/11.1.4.4
vendor/hp
canonical/hpe hp-ux
canonical/ibm aix
vendor/linux
canonical/linux kernel
vendor/oracle
canonical/oracle solaris and zettabyte file system (zfs)

CVE-2019-4154: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-4154?

How do I fix CVE-2019-4154?

What versions of IBM DB2 are affected by CVE-2019-4154?

What kind of attack can CVE-2019-4154 allow?

Is user authentication required to exploit CVE-2019-4154?

Company

Resources

Contact