IBM Db2
cpe:2.3:a:ibm:db2:*:*:*:*:linux:*:*
- >= 11.5.0, <= 11.5.9
- >= 12.1.0, <= 12.1.2
A stack-based buffer overflow vulnerability has been identified in IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2. This vulnerability arises in the db2fm component due to improper bounds checking, allowing local users to overflow the buffer and execute arbitrary code on the system.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected system.
Users can download a special build containing the interim fix for this vulnerability from IBM Fix Central. For Db2 version 11.5, the fix is available in special build #62071 or later for version 11.5.9. For Db2 version 12.1, the fix is available in special build #62100 or later for version 12.1.1; the latest special build for version 12.1.2 is also available.