Skip to main content

Informix Dynamic Server CVE-2023-28527

MEDIUM
Heap-based Buffer Overflow (CWE-122)
2023-12-09 psirt@us.ibm.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 09, 2023 - 03:15 nvd
MEDIUM 5.5

DescriptionNVD

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

AnalysisAI

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-122. IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. Affected products include: Ibm Informix Dynamic Server, Ibm Informix Dynamic Server On Cloud Pak For Data.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-3334 CRITICAL
9.0 Sep 25

Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 all

CVE-2012-4857 CRITICAL
9.0 Dec 08

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users t

CVE-2024-45675 HIGH
8.4 Dec 02

CVE-2024-45675 is a security vulnerability (CVSS 8.4) that allows a local user. High severity vulnerability requiring pr

CVE-2016-0226 HIGH
7.8 Mar 28

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (

CVE-2023-28523 HIGH
7.8 Dec 09

IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds

CVE-2020-4799 HIGH
7.8 Oct 08

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds wri

CVE-2019-4253 HIGH
7.8 Aug 20

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious sha

CVE-2025-1991 HIGH
7.5 Jun 28

IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an in

CVE-2017-1508 MEDIUM
6.7 Sep 13

IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privil

CVE-2021-20515 MEDIUM
6.7 Apr 30

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Ra

CVE-2017-1310 MEDIUM
6.5 Jun 29

IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large ass

CVE-2023-28526 MEDIUM
5.5 Dec 09

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds

Share

CVE-2023-28527 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy