IBM Db2 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, versions 11.5.0 prior to 11.5.9 and 12.1.0 prior to 12.1.2. Under certain conditions the server crashes while processing specially crafted federated queries, because memory resources are not managed properly. This vulnerability affects all platforms.

Impact

Exploitation of this vulnerability can lead to a server crash, causing a denial-of-service condition.

Remediation

Users can upgrade to the special build that contains the interim fix for this issue. For Db2 version 11.5, this build is available through the IBM Support portal. For Db2 version 12.1, the special build can be downloaded from the IBM Support page for Db2 v12.1.1 or v12.1.2.
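The following script is an added example, not part of the advisory or of IBM's tooling. It turns the affected-version ranges stated above (11.5.0 up to but not including 11.5.9, and 12.1.0 up to but not including 12.1.2) into a check a defender can run over an inventory of Db2 installs. The `db2level` output it parses is a constructed sample; the line format ("Informational tokens are "DB2 vX.Y.Z.W", ...") is assumed to match what the real command prints, so adjust the regular expression if your version differs.

```python
import re
from typing import Iterable, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as stated in the advisory: lower bound inclusive,
# upper bound exclusive. 11.5.9 and 12.1.2 are therefore treated as not affected.
AFFECTED_RANGES = (
    ((11, 5, 0), (11, 5, 9)),
    ((12, 1, 0), (12, 1, 2)),
)


def parse_version(text: str) -> Version:
    """Parse strings such as '11.5.8', 'v12.1.1' or '11.5.8.0' into (major, minor, mod).

    Only the first three components are compared; a trailing fix-pack digit is ignored.
    """
    body = text.strip().lstrip("vV")
    parts = body.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric version string: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """True if the given Db2 version falls in one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Assumed format of the "Informational tokens" line printed by db2level.
_DB2LEVEL_TOKEN = re.compile(r'"DB2 v(\d+(?:\.\d+)+)"')


def version_from_db2level(output: str) -> str:
    """Extract the Db2 version string from captured db2level output."""
    match = _DB2LEVEL_TOKEN.search(output)
    if match is None:
        raise ValueError("no 'DB2 vX.Y.Z' token found in db2level output")
    return match.group(1)


def triage(hosts: Iterable[Tuple[str, str]]):
    """Return (host, version, affected) for each (host, db2level_output) pair."""
    results = []
    for host, output in hosts:
        version = version_from_db2level(output)
        results.append((host, version, is_affected(version)))
    return results


# Constructed sample db2level output for two hosts (not real captures).
SAMPLE_DB2LEVEL = (
    ("db-prod-01",
     'DB21085I  This instance or install uses "64" bits and DB2 code release "SQL11058".\n'
     'Informational tokens are "DB2 v11.5.8.0", "s2301190000", "DYN2301190000AMD64", and Fix Pack "0".\n'),
    ("db-prod-02",
     'DB21085I  This instance or install uses "64" bits and DB2 code release "SQL12012".\n'
     'Informational tokens are "DB2 v12.1.2.0", "s2501010000", "DYN2501010000AMD64", and Fix Pack "0".\n'),
)

if __name__ == "__main__":
    for host, version, affected in triage(SAMPLE_DB2LEVEL):
        status = "AFFECTED - apply the special build" if affected else "not affected"
        print(f"{host}: Db2 v{version} -> {status}")
```

Because the comparison uses tuples rather than string ordering, 11.5.10 would correctly sort above 11.5.9; string comparison would have placed it below. Hosts reported as affected should be scheduled for the special build named in the remediation section.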

Added: Jul 29, 2025, 7:21 PM
Updated: Jul 29, 2025, 7:21 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          5.7
impact          2.5
exploitability  4.9
remediation     7.7
relevance       0.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.