Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0083
Vulnerability from certfr_avis - Published: 2026-01-23 - Updated: 2026-01-23
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 Big SQL versions antérieures à 8.2.1 sur Cloud Pak for Data versions antérieures à 5.3 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.0.x antérieures à 6.3.0.6_iFix026 pour Windows | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.0.x antérieures à 6.3.0.6.iFix014 pour Unix | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.0.x antérieures à 6.4.0.3_iFix022 pour Windows | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.0.x antérieures à 6.2.0.8_iFix007 pour Windows | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.0.x antérieures à 6.4.0.3.iFix014 pour Unix | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.0.x antérieures à 6.2.0.9.iFix006 pour Unix |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 8.2.1 sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix026 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6.iFix014 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3_iFix022 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.8_iFix007 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3.iFix014 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.9.iFix006 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2024-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2025-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
},
{
"name": "CVE-2025-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2025-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-52903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
}
],
"initial_release_date": "2026-01-23T00:00:00",
"last_revision_date": "2026-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0083",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257889",
"url": "https://www.ibm.com/support/pages/node/7257889"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257852",
"url": "https://www.ibm.com/support/pages/node/7257852"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257796",
"url": "https://www.ibm.com/support/pages/node/7257796"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257891",
"url": "https://www.ibm.com/support/pages/node/7257891"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257797",
"url": "https://www.ibm.com/support/pages/node/7257797"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257854",
"url": "https://www.ibm.com/support/pages/node/7257854"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257888",
"url": "https://www.ibm.com/support/pages/node/7257888"
}
]
}
CVE-2022-3171 (GCVE-0-2022-3171)
Vulnerability from cvelistv5 – Published: 2022-10-12 00:00 – Updated: 2025-04-21 13:47
VLAI
EPSS
Title
Memory handling vulnerability in ProtocolBuffers Java core and lite
Summary
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
Severity
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/protocolbuffers/protobuf/secur… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202301-09 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | Protocolbuffers |
Affected:
3.21.7 , < 3.21.7
(custom)
Affected: 3.20.3 , < 3.20.3 (custom) Affected: 3.19.6 , < 3.19.6 (custom) Affected: 3.16.3 , < 3.16.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
},
{
"name": "FEDORA-2022-25f35ed634",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
},
{
"name": "GLSA-202301-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202301-09"
},
{
"name": "FEDORA-2022-15729fa33d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:36:41.564407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:47:57.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"core and lite"
],
"product": "Protocolbuffers",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "3.21.7",
"status": "affected",
"version": "3.21.7",
"versionType": "custom"
},
{
"lessThan": "3.20.3",
"status": "affected",
"version": "3.20.3",
"versionType": "custom"
},
{
"lessThan": "3.19.6",
"status": "affected",
"version": "3.19.6",
"versionType": "custom"
},
{
"lessThan": "3.16.3",
"status": "affected",
"version": "3.16.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
},
{
"name": "FEDORA-2022-25f35ed634",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
},
{
"name": "GLSA-202301-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202301-09"
},
{
"name": "FEDORA-2022-15729fa33d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Memory handling vulnerability in ProtocolBuffers Java core and lite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3171",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-09-09T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:47:57.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3509 (GCVE-0-2022-3509)
Vulnerability from cvelistv5 – Published: 2022-11-01 18:09 – Updated: 2025-04-22 15:10
VLAI
EPSS
Title
Parsing issue in protobuf textformat
Summary
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProtocolBuffers |
Affected:
3.21.0 , < 3.21.7
(semver)
Affected: 3.20.0 , < 3.20.3 (semver) Affected: 3.19.0 , < 3.19.6 (semver) Affected: 3.16.0 , < 3.16.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:09:47.292910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:10:13.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "ProtocolBuffers",
"repo": "https://github.com/protocolbuffers/protobuf/",
"vendor": "Google",
"versions": [
{
"lessThan": "3.21.7",
"status": "affected",
"version": "3.21.0",
"versionType": "semver"
},
{
"lessThan": "3.20.3",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
},
{
"lessThan": "3.19.6",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"lessThan": "3.16.3",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\u003c/span\u003e"
}
],
"value": "A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Parsing issue in protobuf textformat",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3509",
"datePublished": "2022-11-01T18:09:31.634Z",
"dateReserved": "2022-10-14T13:51:45.771Z",
"dateUpdated": "2025-04-22T15:10:13.149Z",
"requesterUserId": "0482d1dc-86d9-41dd-bdd2-3f4c4834e1b3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3510 (GCVE-0-2022-3510)
Vulnerability from cvelistv5 – Published: 2022-11-11 16:35 – Updated: 2025-04-22 15:09
VLAI
EPSS
Title
Parsing issue in protobuf message-type extension
Summary
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/protocolbuffers/protobuf/commi… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProtocolBuffers |
Affected:
3.21.0 , < 3.21.7
(semver)
Affected: 3.20.0 , < 3.20.3 (semver) Affected: 3.19.0 , < 3.19.6 (semver) Affected: 3.16.0 , < 3.16.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:08:55.087167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:09:17.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "ProtocolBuffers",
"repo": "https://github.com/protocolbuffers/protobuf/",
"vendor": "Google",
"versions": [
{
"lessThan": "3.21.7",
"status": "affected",
"version": "3.21.0",
"versionType": "semver"
},
{
"lessThan": "3.20.3",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
},
{
"lessThan": "3.19.6",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"lessThan": "3.16.3",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\u003c/p\u003e"
}
],
"value": "A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Parsing issue in protobuf message-type extension",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3510",
"datePublished": "2022-11-11T16:35:20.765Z",
"dateReserved": "2022-10-14T13:53:33.104Z",
"dateUpdated": "2025-04-22T15:09:17.050Z",
"requesterUserId": "0482d1dc-86d9-41dd-bdd2-3f4c4834e1b3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23454 (GCVE-0-2024-23454)
Vulnerability from cvelistv5 – Published: 2024-09-25 07:45 – Updated: 2025-09-05 09:09
VLAI
EPSS
Title
Apache Hadoop: Temporary File Local Information Disclosure
Summary
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
Severity
No CVSS data available.
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://issues.apache.org/jira/browse/HADOOP-19031 | issue-tracking |
| https://lists.apache.org/thread/xlo7q8kn4tsjvx059… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Hadoop |
Affected:
0 , < 3.4.0
(semver)
|
Credits
Andrea Cosentino
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-01T17:03:09.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/25/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:19:22.767501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T20:09:52.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Hadoop",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Hadoop\u2019s RunJar.run()\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set permissions for temporary directory\u0026nbsp;by default. I\u003c/span\u003e\u003c/span\u003ef sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users.\n\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apache Hadoop\u2019s RunJar.run()\u00a0does not set permissions for temporary directory\u00a0by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378 Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T09:09:36.997Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/HADOOP-19031"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs"
}
],
"source": {
"defect": [
"HADOOP-19031"
],
"discovery": "UNKNOWN"
},
"title": "Apache Hadoop: Temporary File Local Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-23454",
"datePublished": "2024-09-25T07:45:43.496Z",
"dateReserved": "2024-01-17T09:57:28.086Z",
"dateUpdated": "2025-09-05T09:09:36.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47535 (GCVE-0-2024-47535)
Vulnerability from cvelistv5 – Published: 2024-11-12 15:50 – Updated: 2024-11-13 20:44
VLAI
EPSS
Title
Denial of Service attack on windows app using Netty
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Severity
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/netty/netty/commit/fbf7a704a82… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netty:netty:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netty",
"vendor": "netty",
"versions": [
{
"lessThan": "4.1.115",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:43:58.714521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T20:44:41.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:50:08.334Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
},
{
"name": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
}
],
"source": {
"advisory": "GHSA-xq3w-v528-46rv",
"discovery": "UNKNOWN"
},
"title": "Denial of Service attack on windows app using Netty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47535",
"datePublished": "2024-11-12T15:50:08.334Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-11-13T20:44:41.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49350 (GCVE-0-2024-49350)
Vulnerability from cvelistv5 – Published: 2025-05-29 19:18 – Updated: 2025-08-26 14:55
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7235069 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
11.5.0 , ≤ 11.5.9
(semver)
Affected: 12.1.0 , ≤ 12.1.1 (semver) Affected: 11.1.0 , ≤ 11.1.4.7 (semver) cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T19:29:09.140724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T19:29:27.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.1",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:55:29.346Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7235069"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.1.4 FP7, V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability."
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.1.4 FP7, V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49350",
"datePublished": "2025-05-29T19:18:06.431Z",
"dateReserved": "2024-10-14T12:05:24.914Z",
"dateUpdated": "2025-08-26T14:55:29.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49828 (GCVE-0-2024-49828)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:04 – Updated: 2025-08-17 01:23
VLAI
EPSS
Title
IBM Db2 for Linux, UNIX and Windows denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240945 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0.0 , ≤ 10.5.0.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.2 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:24:56.676172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:25:10.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Unix",
"AIX",
"z/OS"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.11",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.2",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2\u00a0is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:23:37.630Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240945"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398583 Special Build for V10.5 FP11:\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398583 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398583 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eV12.1 V12.1.2 DT398583 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398583 Special Build for V10.5 FP11:\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398583 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398583 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \n\nV12.1 V12.1.2 DT398583 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 for Linux, UNIX and Windows denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49828",
"datePublished": "2025-07-29T19:04:20.976Z",
"dateReserved": "2024-10-20T13:40:37.122Z",
"dateUpdated": "2025-08-17T01:23:37.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51473 (GCVE-0-2024-51473)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:02 – Updated: 2025-08-17 01:21
VLAI
EPSS
Title
IBM Db2 for Linux, UNIX and Windows denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2
is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240944 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0.0 , ≤ 10.5.0.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.2 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:26:53.044217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:27:04.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Unix",
"AIX",
"z/OS"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.11",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.2",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 \n\nis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:21:55.841Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240944"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398812 \u003cbr\u003eSpecial Build for V10.5 FP11:\u003cbr\u003e\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398812 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT398812 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398812 \nSpecial Build for V10.5 FP11:\n\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398812 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT398812 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 for Linux, UNIX and Windows denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-51473",
"datePublished": "2025-07-29T19:02:40.346Z",
"dateReserved": "2024-10-28T10:50:18.700Z",
"dateUpdated": "2025-08-17T01:21:55.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52894 (GCVE-0-2024-52894)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:00 – Updated: 2025-08-17 01:23
VLAI
EPSS
Title
IBM Db2 for Linux, UNIX and Windows denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
4.9 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240953 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0.0 , ≤ 10.5.0.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.2 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:29:51.532514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:30:03.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Unix",
"AIX",
"z/OS"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.11",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.2",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:23:03.366Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240953"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398812 \u003cbr\u003eSpecial Build for V10.5 FP11:\u003cbr\u003e\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398812 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT398812 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398812 \nSpecial Build for V10.5 FP11:\n\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398812 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT398812 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 for Linux, UNIX and Windows denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52894",
"datePublished": "2025-07-29T19:00:12.910Z",
"dateReserved": "2024-11-17T14:25:44.935Z",
"dateUpdated": "2025-08-17T01:23:03.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52903 (GCVE-0-2024-52903)
Vulnerability from cvelistv5 – Published: 2025-05-01 22:15 – Updated: 2025-09-29 15:26
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232336 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
12.1.0
Affected: 12.1.1 cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:z:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:z:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T14:35:40.817374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T14:35:49.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:z:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:z:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:26:07.133Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232336"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52903",
"datePublished": "2025-05-01T22:15:48.366Z",
"dateReserved": "2024-11-17T14:25:57.179Z",
"dateUpdated": "2025-09-29T15:26:07.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…