CVE-2025-36366
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-30
Last updated on: 2026-02-05
Assigner: IBM Corporation
Description
Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-943 | The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a local user to cause a denial of service, which means the affected system or service could become unavailable or unresponsive.
Can you explain this vulnerability to me?
This vulnerability in IBM Db2 for Linux, UNIX, and Windows (versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.3) allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70