The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2 | Ibm | 9.5 (including) | 9.5 (including) |
| Db2 | Ibm | 9.5-fp1 (including) | 9.5-fp1 (including) |
| Db2 | Ibm | 9.5-fp2 (including) | 9.5-fp2 (including) |
| Db2 | Ibm | 9.5-fp2a (including) | 9.5-fp2a (including) |
| Db2 | Ibm | 9.5-fp3 (including) | 9.5-fp3 (including) |
| Db2 | Ibm | 9.5-fp3a (including) | 9.5-fp3a (including) |
| Db2 | Ibm | 9.5-fp3b (including) | 9.5-fp3b (including) |
| Db2 | Ibm | 9.5-fp4 (including) | 9.5-fp4 (including) |
| Db2 | Ibm | 9.5-fp4a (including) | 9.5-fp4a (including) |
| Db2 | Ibm | 9.5-fp5 (including) | 9.5-fp5 (including) |
| Db2 | Ibm | 9.5-fp6 (including) | 9.5-fp6 (including) |
| Db2 | Ibm | 9.5-fp6a (including) | 9.5-fp6a (including) |
| Db2 | Ibm | 9.5-fp7 (including) | 9.5-fp7 (including) |
| Db2 | Ibm | 9.5-fp8 (including) | 9.5-fp8 (including) |
| Db2 | Ibm | 9.7 (including) | 9.7 (including) |
| Db2 | Ibm | 9.7-fp1 (including) | 9.7-fp1 (including) |
| Db2 | Ibm | 9.7-fp2 (including) | 9.7-fp2 (including) |
| Db2 | Ibm | 9.7-fp3 (including) | 9.7-fp3 (including) |
| Db2 | Ibm | 9.7-fp3a (including) | 9.7-fp3a (including) |
| Db2 | Ibm | 9.7-fp4 (including) | 9.7-fp4 (including) |
| Db2 | Ibm | 9.7-fp5 (including) | 9.7-fp5 (including) |
| Db2 | Ibm | 9.8 (including) | 9.8 (including) |
| Db2 | Ibm | 9.8-fp3 (including) | 9.8-fp3 (including) |
| Db2 | Ibm | 9.8-fp4 (including) | 9.8-fp4 (including) |
| Db2exc | Ubuntu | hardy | * |
| Db2exc | Ubuntu | lucid | * |
| Db2exc | Ubuntu | precise | * |
| Db2exc | Ubuntu | upstream | * |