High severity7.3NVD Advisory· Published Jun 27, 2017· Updated May 13, 2026
CVE-2017-1297
CVE-2017-1297
Description
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
Affected products
37- cpe:2.3:a:ibm:data_server_client:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_driver_for_odbc_and_cli:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_driver_package:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_server_runtime_client:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*+ 19 more
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*
cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*+ 11 more
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:unlimited:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*
- IBM/DB2 for Linux, UNIX and Windowsv5Range: 10.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www.securityfocus.com/bid/99271nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/125159nvdVendor Advisory
- www.securitytracker.com/id/1038772nvd
- www.exploit-db.com/exploits/42260/nvd
News mentions
0No linked articles in our index yet.