CVE-2024-52894
BaseFortify

Publication date: 2025-07-29

Last updated on: 2025-08-07

Assigner: IBM Corporation

Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Meta Information
Published: 2025-07-29
Last Modified: 2025-08-07
Generated: 2026-05-07
AI Q&A: 2025-07-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 10.5.0.0 (inc) to 10.5.0.11 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.1.0 (inc) to 11.1.4.7 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 11.5.0 (inc) to 11.5.9 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.2 (inc)
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2024-52894 is a denial of service vulnerability in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server. It is caused by a stack-based buffer overflow that can crash the Db2 server when it processes a specially crafted query. The vulnerability requires high privileges to exploit and does not impact confidentiality or integrity, but it severely affects availability by causing the server to crash. [1]


How can this vulnerability impact me?

This vulnerability can cause the IBM Db2 server to crash, resulting in a denial of service. This means that the database service could become unavailable, disrupting applications and services that rely on it. Since the attack requires high privileges, it may be limited to authorized users or attackers who have gained elevated access, but the impact on availability can be significant. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

IBM does not disclose detailed replication steps or specific commands to detect this vulnerability to prevent aiding potential attackers. However, monitoring for unexpected Db2 server crashes or denial of service symptoms when processing queries may indicate exploitation attempts. Disabling the locking event monitor is suggested as a mitigation step. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the special interim fix builds provided by IBM corresponding to your Db2 version and platform, such as special builds #62071 or later for V11.5.9 and #62100 or later for V12.1.1. Additionally, disabling the locking event monitor is recommended. Customers should subscribe to IBM notifications for future security bulletins. [1]

