CVE-2013-3031
Description
A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users to cause a denial of service (uninitialized-memory access and daemon crash) via a call that includes named arguments and default parameter values, but does not include all of the expected arguments.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21643599
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | soliddb | 6.0 | |
| ibm | soliddb | 6.0.1060 | |
| ibm | soliddb | 6.0.1061 | |
| ibm | soliddb | 6.0.1064 | |
| ibm | soliddb | 6.0.1065 | |
| ibm | soliddb | 6.0.1066 | |
| ibm | soliddb | 6.0.1067 | |
| ibm | soliddb | 6.0.1068 | |
| ibm | soliddb | 6.0.1069 | |
| ibm | soliddb | 6.3.33 | |
| ibm | soliddb | 6.3.34 | |
| ibm | soliddb | 6.3.37 | |
| ibm | soliddb | 6.3.38 | |
| ibm | soliddb | 6.3.39 | |
| ibm | soliddb | 6.3.40 | |
| ibm | soliddb | 6.3.41 | |
| ibm | soliddb | 6.3.42 | |
| ibm | soliddb | 6.3.44 | |
| ibm | soliddb | 6.3.47 | |
| ibm | soliddb | 6.3.48 | |
| ibm | soliddb | 6.3.49 | |
| ibm | soliddb | 6.3.52 | |
| ibm | soliddb | 6.3.53 | |
| ibm | soliddb | 6.3.54 | |
| ibm | soliddb | 6.3.55 | |
| ibm | soliddb | 6.5.0.0 | |
| ibm | soliddb | 6.5.0.1 | |
| ibm | soliddb | 6.5.0.2 | |
| ibm | soliddb | 6.5.0.3 | |
| ibm | soliddb | 6.5.0.4 | |
| ibm | soliddb | 6.5.0.5 | |
| ibm | soliddb | 6.5.0.6 | |
| ibm | soliddb | 6.5.0.7 | |
| ibm | soliddb | 6.5.0.8 | |
| ibm | soliddb | 6.5.09 | |
| ibm | soliddb | 6.5.10 | |
| ibm | soliddb | 6.5.11 | |
| ibm | soliddb | 7.0.0.0 | |
| ibm | soliddb | 7.0.0.1 | |
| ibm | soliddb | 7.0.0.2 | |
| ibm | soliddb | 7.0.0.3 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC88797
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044
- http://www-01.ibm.com/support/docview.wss?uid=swg21643599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84593
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC88797
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044
- http://www-01.ibm.com/support/docview.wss?uid=swg21643599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84593
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.