Unrated severityNVD Advisory· Published Oct 13, 2009· Updated Apr 23, 2026

CVE-2009-3691

Description

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.

Affected products

IBM/Informix Client Sdk2 versions
cpe:2.3:a:ibm:informix_client_sdk:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:informix_client_sdk:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:informix_client_sdk:3.50:*:*:*:*:*:*:*
IBM/Informix Connect Runtime
cpe:2.3:a:ibm:informix_connect_runtime:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/9sg_ibm_setnet32.htmlnvdExploit
secunia.com/advisories/36949nvdVendor Advisory
www.vupen.com/english/advisories/2009/2834nvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/58530nvd
www.securityfocus.com/bid/36588nvd
exchange.xforce.ibmcloud.com/vulnerabilities/53644nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000