IBM Db2 Denial-of-Service Vulnerability via Crafted Queries

Vulnerability

A denial-of-service vulnerability has been identified in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 for Linux, UNIX, and Windows, including Db2 Connect Server. This vulnerability allows an authenticated user to disrupt service by exploiting improper handling of special elements in data query logic, particularly with queries that involve multiple subqueries.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the database server to become unresponsive or unavailable.

Remediation

Users can upgrade to the special build containing the interim fix for this issue. For both Db2 version 11.5 and Db2 version 12.1, the special build is available through Fix Central. Specific build numbers and download links are provided in the IBM Security Bulletin.
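As an added example (not code from IBM or from this tracker), the following script checks a constructed Db2 inventory against the affected version ranges stated above; the version strings are assumed to be dotted "major.minor.mod[.fixpack]" values, optionally prefixed as in db2level output, and the host names are made up.

```python
# Added example: triage Db2 versions against the affected ranges in this entry.
# Assumption: versions are dotted "major.minor.mod[.fixpack]" strings, possibly
# prefixed like "DB2 v11.5.9.0" as db2level prints them. Inventory is constructed.

AFFECTED_RANGES = [
    ((11, 5, 0), (11, 5, 9)),   # Db2 11.5.0 through 11.5.9 (inclusive)
    ((12, 1, 0), (12, 1, 4)),   # Db2 12.1.0 through 12.1.4 (inclusive)
]


def parse_version(text):
    """Return (major, minor, mod) from '11.5.9.0' or 'DB2 v12.1.2.0'."""
    token = text.strip().split()[-1]      # last whitespace-separated token
    token = token.lstrip("vV")            # tolerate a leading 'v'
    parts = token.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised Db2 version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(text):
    """True when the version lies inside one of the inclusive affected ranges."""
    version = parse_version(text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map host -> 'affected' / 'not in range' for a {host: version} inventory.

    A match only means the base level is in range; whether the Fix Central
    special build has already been applied must be confirmed separately.
    """
    return {host: ("affected" if is_affected(ver) else "not in range")
            for host, ver in inventory.items()}


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = {
    "db-prod-01": "DB2 v11.5.8.0",
    "db-prod-02": "11.5.9.0",
    "db-conn-01": "DB2 v12.1.4.0",
    "db-dev-01": "12.1.5.0",
    "db-legacy": "11.1.4.7",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```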

Added: Apr 30, 2026, 10:29 PM
Updated: Apr 30, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 7.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined to calculate the overall risk score.