CVE-2021-29702

HIGH

IBM Db2 11.1-11.1.4 - Denial of Service via Crafted SELECT Statement

Title source: llm
STIX 2.1

Description

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6463985
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/200658
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210720-0005/

Scores

CVSS v3 7.5
EPSS 0.0188
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-74
Status published
Products (1)
ibm/db2 11.1 - 11.1.4
Published Jun 16, 2021
Tracked Since Feb 18, 2026