Vigil@nce - IBM DB2: NULL pointer dereference via XSLT
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious XSLT file to force a NULL
pointer dereference in IBM DB2, triggering a denial of service.
Impacted products: DB2 UDB
Severity: 2/4
Creation date: 16/12/2013
DESCRIPTION OF THE VULNERABILITY
The IBM DB2 product analyzes XSLT files.
However, it does not check whether a pointer is NULL before using it.
An attacker can therefore create a malicious XSLT file to force a
NULL pointer dereference in IBM DB2, triggering a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-NULL-pointer-dereference-via-XSLT-13951