IBM Db2
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*
- >= 11.5.0, <= 11.5.9
- >= 12.1.0, <= 12.1.3
A denial-of-service vulnerability has been identified in IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. This vulnerability could allow an unauthenticated user to cause a denial-of-service condition by excessively utilizing a global variable, which may lead to the server terminating under certain circumstances.
Exploitation of this vulnerability can cause the Db2 server to terminate, leading to a denial-of-service condition.
Users can download a special build containing the interim fix for this issue from Fix Central. These special builds are available for Db2 versions 11.5.9, 12.1.2, and 12.1.3. Instructions for downloading these builds are available on the IBM Support website.