CVE-2012-2180 - Vulnerability Details - OpenCVE

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:db2:9.8:::::::*
	cpe:2.3:a:ibm:db2:9.8.0.3:::::::*
	cpe:2.3:a:ibm:db2:9.8.0.4:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg1IC82234
http://www.ibm.com/support/docview.wss?uid=swg1IC82367
http://www.ibm.com/support/docview.wss?uid=swg21597090
http://www.securityfocus.com/bid/53873
https://exchange.xforce.ibmcloud.com/vulnerabilities/75418

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-06-20T10:00:00

Updated: 2024-08-06T19:26:08.491Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2180

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-20T10:27:28.443

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2180

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-02T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "db2-drdaconnection-dos(75418)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418"}, {"name": "IC82234", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090"}, {"name": "53873", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53873"}, {"name": "IC82367", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "db2-drdaconnection-dos(75418)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418"}, {"name": "IC82234", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21597090", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090"}, {"name": "53873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53873"}, {"name": "IC82367", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.491Z"}, "title": "CVE Program Container", "references": [{"name": "db2-drdaconnection-dos(75418)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418"}, {"name": "IC82234", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090"}, {"name": "53873", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53873"}, {"name": "IC82367", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2180", "datePublished": "2012-06-20T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request."}, {"lang": "es", "value": "La funcionalidad de encadenamiento en el m\u00f3dulo de arquitectura de bases de datos relacionales distribuidas - 'Distributed Relational Database Architecture'(DRDA) en IBM DB2 v9.7 antes de FP6 y 9.8 antes de FP5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero nulo y excesivo consumo de recursos o caida del demonio) a trav\u00e9s de una solicitud modificada a mano."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'CWE-476: NULL Pointer Dereference'", "id": "CVE-2012-2180", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-20T10:27:28.443", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/53873"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}