CVE-2024-49828

MEDIUM

IBM Db2 10.5.0.0-10.5.0.11, 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.2 - Denial of Service via Crafted Query

Title source: llm
STIX 2.1

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7240945

Scores

CVSS v3 6.5
EPSS 0.0021
EPSS Percentile 43.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (1)
ibm/db2 10.5.0.0 - 10.5.0.11 (3 CPE variants)
Published Jul 29, 2025
Tracked Since Feb 18, 2026