CVE-2025-36009
Unknown
Unknown - Not Provided
Denial of Service via Global Variable in IBM Db
Publication date: 2026-01-30
Last updated on: 2026-02-11
Assigner: IBM Corporation
Description
Description
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
| CWE-1108 | The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context. |
