CVE-2024-49350

Published: May 29, 2025Modified: Jun 9, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Affected (9)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 11.1 to 11.1.4.7
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1
Ibm Db2	From 11.1 to 11.1.4.7
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1
Ibm Db2	From 11.1 to 11.1.4.7
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.ibm.com/support/pages/node/7235069

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.