[Original text] Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.
IBM DB2 Universal Database LOAD Command "long column list" Parameter DoS
Remote / Network Access
Denial of Service
Loss of Availability
DB2 contains a flaw that may allow a remote denial of service. The issue is triggered when the column list specified in the REPLACE INTO or INSERT INTO section of a LOAD command is too long, or if an incorrect delimiter is used in the column list, and will result in loss of availability for the service.
Upgrade to version 8 FixPak 12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.