CVE-2010-3735 | Vulnerability Database | Aqua Security

The Query Compiler, Rewrite, Optimizer component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.

Affected Software

Name	Vendor	Start Version	End Version
Db2	Ibm	9.5 (including)	9.5 (including)
Db2	Ibm	9.5-fp1 (including)	9.5-fp1 (including)
Db2	Ibm	9.5-fp2 (including)	9.5-fp2 (including)
Db2	Ibm	9.5-fp2a (including)	9.5-fp2a (including)
Db2	Ibm	9.5-fp3 (including)	9.5-fp3 (including)
Db2	Ibm	9.5-fp3a (including)	9.5-fp3a (including)
Db2	Ibm	9.5-fp3b (including)	9.5-fp3b (including)
Db2	Ibm	9.5-fp4 (including)	9.5-fp4 (including)
Db2	Ibm	9.5-fp4a (including)	9.5-fp4a (including)
Db2	Ibm	9.5-fp5 (including)	9.5-fp5 (including)

References

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3735
CWE	https://cwe.mitre.org/data/definitions/399.html