CVE-2024-49828
BaseFortify

Publication date: 2025-07-29

Last updated on: 2025-08-13

Assigner: IBM Corporation

Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service: under certain conditions the server may crash while processing a specially crafted query.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
12 associated CPEs, covering four version ranges (each range appears three times in the CPE list):
Vendor Product Version / Range
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
CWE
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

This is a denial-of-service (DoS) vulnerability in IBM Db2 for Linux, UNIX and Windows, classified as a stack-based buffer overflow (CWE-121). When the server processes a specially crafted query it may crash, taking the database service down. The flaw affects all four release lines listed above on every supported platform and, according to the cited advisory, requires only low privileges and no user interaction to exploit. [1]


How can this vulnerability impact me?

A crash of the Db2 server means loss of availability for every application and workload that depends on the database until the instance is restarted. For business operations that rely on Db2 this translates directly into downtime and reduced reliability. [1]


What immediate steps should I take to mitigate this vulnerability?

Apply the special interim fix builds that IBM provides for each affected release as soon as possible. They are distributed through IBM Fix Central and are built against the latest mod pack level of each affected release line. IBM lists no workaround or mitigation other than applying these fixes. Because a special build does not change the Db2 release number, confirm the fix from the build identifier IBM publishes rather than from the version alone. Subscribe to IBM security notifications for future alerts and assess the exposure of Db2 instances in your own environment. [1]
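The following script is an added example, not code from BaseFortify or IBM. It turns the affected ranges above into a check that can be run over captured `db2level` output from each instance. Two assumptions are labelled in the code: that the `db2level` "Informational tokens" line carries the version as `"DB2 vV.R.M.F"` (the sample output is constructed to approximate that layout), and that a short upper bound such as "through 11.5.9" covers every 11.5.9.x fix pack. A version inside a range is reported as "in affected range" rather than "vulnerable", since IBM's special build keeps the same release number and must be verified separately.

```python
import re

# Affected ranges copied from the advisory text; both ends inclusive.
# Assumption: a short upper bound such as 11.5.9 means every fix pack
# of 11.5.9, so it is padded with a large sentinel when compared.
AFFECTED_RANGES = [
    ((10, 5, 0, 0), (10, 5, 0, 11)),
    ((11, 1, 0),    (11, 1, 4, 7)),
    ((11, 5, 0),    (11, 5, 9)),
    ((12, 1, 0),    (12, 1, 2)),
]

# Assumed db2level layout, e.g.:
#   Informational tokens are "DB2 v11.5.9.0", "s2310270807", ...
DB2LEVEL_RE = re.compile(r'"DB2 v(\d+(?:\.\d+)+)"')

# Constructed sample db2level output (approximates the real layout;
# not captured from a live system).
SAMPLE_DB2LEVEL = '''DB21085I  This instance or install (instance name, where applicable:
"db2inst1") uses "64" bits and DB2 code release "SQL11059" with level
identifier "0A0A0107".
Informational tokens are "DB2 v11.5.9.0", "s2310270807",
"DYN2310270807AMD64", and Fix Pack "0".
Product is installed at "/opt/ibm/db2/V11.5".
'''


def parse_version(text):
    """'11.5.9.0' -> (11, 5, 9, 0)."""
    return tuple(int(p) for p in text.strip().split("."))


def _pad(v, fill, n=4):
    """Extend a version tuple to n components using the given filler."""
    return tuple(v) + (fill,) * (n - len(v))


def is_affected(version):
    """True if a V.R.M.F version string falls inside any affected range."""
    v = _pad(parse_version(version), 0)
    for lo, hi in AFFECTED_RANGES:
        # Lower bounds pad with 0; upper bounds pad with a sentinel so that
        # 11.5.9.3 still compares below the bound written as 11.5.9.
        if _pad(lo, 0) <= v <= _pad(hi, 10**6):
            return True
    return False


def version_from_db2level(output):
    """Extract the 'DB2 vX.Y.Z.W' token from db2level output."""
    m = DB2LEVEL_RE.search(output)
    if not m:
        raise ValueError("no DB2 version token found in db2level output")
    return m.group(1)


def assess(db2level_output):
    """Return (version, verdict) for one captured db2level run."""
    version = version_from_db2level(db2level_output)
    if is_affected(version):
        # A special build keeps the release number, so "in range" means
        # potentially vulnerable until the build identifier is checked.
        return version, "in affected range; confirm IBM special build is applied"
    return version, "outside affected ranges"


if __name__ == "__main__":
    print(assess(SAMPLE_DB2LEVEL))
    for v in ("10.5.0.11", "10.5.0.12", "11.5.10.0", "12.1.2.1"):
        print(v, is_affected(v))
```

Feed the script the saved output of `db2level` from each instance (for example collected by your configuration-management tooling); any instance reported as in range then needs its build identifier compared with the special build IBM names in its advisory before it is marked remediated.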

