CVE-2025-33092
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | 12.1.0 |
| ibm | db2 | 12.1.1 |
| ibm | db2 | 12.1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the db2fm component of IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2. It occurs due to improper bounds checking, which allows a local user to overflow the stack buffer and execute arbitrary code on the affected system. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows a local user to execute arbitrary code on the system, potentially leading to full compromise of confidentiality, integrity, and availability of the affected IBM Db2 system. This means an attacker could gain unauthorized access, modify data, or disrupt services. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the special build interim fixes released by IBM for the affected IBM Db2 versions. For version 11.5.9, install Special Build #62071 or later (APAR DT436195); for version 12.1.1, install Special Build #62100 or later; and for version 12.1.2, apply the latest cumulative special builds available from IBM Fix Central. No workarounds or alternative mitigations are provided, so updating to these fixed builds is the recommended immediate action. [1]