IBM DB2 - 'REPEAT()' Local Heap Buffer Overflow

Author: Evgeny Legerov
type: local
platform: unix
port: 
date_added: 2010-01-27  
date_updated: 2014-05-30  
verified: 1  
codes: CVE-2010-0462;OSVDB-62063  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 33572.txt  

source: https://www.securityfocus.com/bid/37976/info

IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.

The issue affects the following:

IBM DB2 versions prior to 9.1 Fix Pack 9
IBM DB2 9.7

Other versions may also be affected.

SELECT REPEAT(REPEAT('1',1000),1073741825) FROM SYSIBM.SYSDUMMY1