CVE-2008-3959

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

Affected Software

Name	Vendor	Start Version	End Version
Db2	Ibm	*	8.1 (including)
Db2	Ibm	*	8.2 (including)
Db2	Ibm	8.1-fp1 (including)	8.1-fp1 (including)
Db2	Ibm	8.1-fp10 (including)	8.1-fp10 (including)
Db2	Ibm	8.1-fp11 (including)	8.1-fp11 (including)
Db2	Ibm	8.1-fp12 (including)	8.1-fp12 (including)
Db2	Ibm	8.1-fp13 (including)	8.1-fp13 (including)
Db2	Ibm	8.1-fp14 (including)	8.1-fp14 (including)
Db2	Ibm	8.1-fp2 (including)	8.1-fp2 (including)
Db2	Ibm	8.1-fp3 (including)	8.1-fp3 (including)
Db2	Ibm	8.1-fp4 (including)	8.1-fp4 (including)
Db2	Ibm	8.1-fp5 (including)	8.1-fp5 (including)
Db2	Ibm	8.1-fp6 (including)	8.1-fp6 (including)
Db2	Ibm	8.1-fp7 (including)	8.1-fp7 (including)
Db2	Ibm	8.1-fp8 (including)	8.1-fp8 (including)
Db2	Ibm	8.1-fp9 (including)	8.1-fp9 (including)
Db2	Ibm	8.2 (including)	8.2 (including)
Db2	Ibm	8.2-fp1 (including)	8.2-fp1 (including)
Db2	Ibm	8.2-fp2 (including)	8.2-fp2 (including)
Db2	Ibm	8.2-fp3 (including)	8.2-fp3 (including)
Db2	Ibm	8.2-fp4 (including)	8.2-fp4 (including)
Db2	Ibm	8.2-fp5 (including)	8.2-fp5 (including)
Db2	Ibm	8.2-fp6 (including)	8.2-fp6 (including)
Db2	Ibm	8.2-fp7 (including)	8.2-fp7 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3959
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References