CVE-2025-2533
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | 12.1.0 |
| ibm | db2 | 12.1.1 |
| ibm | db2 | 12.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Db2 for Linux versions 12.1.0 through 12.1.2 allows an attacker to cause a denial of service (DoS) by making the Db2 server crash when it processes a specially crafted query. It is related to memory allocation issues where an excessive size value can cause the server to fail. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service, meaning the availability of the IBM Db2 server can be disrupted by crashing it. This can lead to downtime and interruption of services relying on the database. There is no impact on confidentiality or integrity, but availability is highly affected. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the special build interim fixes available from IBM Fix Central for IBM Db2 versions 12.1.0 through 12.1.2 on Linux platforms as soon as possible. These fixes correspond to mod pack levels V12.1.1 and V12.1.2, with APAR DT425951 addressing the issue in mod pack V12.1.2. No workarounds or other mitigations are provided, so prompt application of these interim fixes is the recommended immediate step. [1]