Primary

Context

IBM Db2 Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4. The issue arises when a specially crafted query is executed using a small statement heap, leading to uncontrolled resource consumption.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the database becomes unresponsive or unavailable.

Remediation

Users can increase the statement heap by setting a larger STMTHEAP value. Alternatively, the optimization level can be reduced to 0 by appending an optimizer guideline to the query. Customers running Db2 V11.5 or V12.1 can download a special build containing the interim fix from Fix Central.

Added: May 28, 2026, 5:14 AM

Updated: May 28, 2026, 5:14 AM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

3.5

remediation

8.3

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

3.5

remediation

8.3

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Db2 Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM Db2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating