The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
2012-03-20T20:55:01.397
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:P
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.5 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.7 | Yes |
| Application | ibm | db2 | 9.8 | Yes |
| Application | ibm | db2 | 9.8 | Yes |
| Application | ibm | db2 | 9.8 | Yes |