CVE-2024-51473
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-29

Last updated on: 2025-08-13

Assigner: IBM Corporation

Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-29
Last Modified
2025-08-13
Generated
2026-05-07
AI Q&A
2025-07-29
EPSS Evaluated
2026-05-05
NVD
CVE-2024-51473
EUVD
EUVD-2024-54832
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in IBM Db2 for Linux, UNIX, and Windows is a denial of service (DoS) caused by a stack-based buffer overflow. When the server processes a specially crafted query, it may crash, leading to service disruption. The issue affects multiple versions of Db2 Server and can be exploited remotely with low complexity and low privileges, without user interaction. [1]


How can this vulnerability impact me? :

The vulnerability can cause the IBM Db2 server to crash, resulting in denial of service and loss of availability of the database services. This can disrupt business operations relying on the database, potentially causing downtime and impacting productivity. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

IBM does not disclose detailed exploitation or replication steps to prevent aiding attackers, so specific detection commands are not provided. Customers are advised to assess their environments for affected IBM Db2 versions and monitor for crashes or denial of service symptoms related to specially crafted queries. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the special interim fix builds available from IBM Fix Central for your specific IBM Db2 version and platform. Additionally, defining federated wrappers with the FENCED option is recommended to prevent exploitation, though it may slightly impact performance. Customers should also subscribe to IBM security notifications for future updates. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart