Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows
CVE-2024-52903

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: CVE Published:; 1 May 2025

Summary

IBM Db2 for Linux, UNIX and Windows versions 12.1.0 and 12.1.1 are prone to a denial of service vulnerability where the database server may crash when processing specially crafted queries. This behavior allows attackers to disrupt service availability, posing a risk to system integrity and user access. It is crucial for users to take preventive measures and apply recommended patches as per IBM's advisory to mitigate this risk.

Affected Version(s)

Db2 for Linux, UNIX and Windows 12.1.0, 12.1.1

References

https://www.ibm.com/support/pages/node/7232336

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Nov 17, 2024