Denial of Service Vulnerability in IBM DB2 Products
CVE-2009-0172

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 16 January 2009

Summary

A vulnerability has been identified in IBM DB2 versions 8, 9.1, and 9.5, where a specially crafted CONNECT data stream can lead to a denial of service attack. This issue could cause the database service to enter an infinite loop, making it unresponsive to users and applications. Remote attackers could exploit this vulnerability to disrupt services, emphasizing the need for timely updates and system patches to ensure ongoing protection against such threats.

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-...

x_refsource_CONFIRM

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ36534

vendor-advisoryx_refsource_AIXAPAR

http://securitytracker.com/id?1021591

vdb-entryx_refsource_SECTRACK

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 16, 2009
Vulnerability Reserved
Jan 16, 2009