CVE-2025-36009
Unknown
Unknown - Not Provided
Denial of Service via Global Variable in IBM Db
Publication date: 2026-01-30
Last updated on: 2026-02-11
Assigner: IBM Corporation
Description
Description
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
| CWE-1108 | The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can impact you by causing a denial of service condition, which means the affected IBM Db2 service could become unavailable or unresponsive due to the excessive use of a global variable by an unauthenticated user.
Can you explain this vulnerability to me?
This vulnerability in IBM Db2 for Linux, UNIX, and Windows (versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.3) allows an unauthenticated user to cause a denial of service by excessively using a global variable.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70