CVE-2025-36071

🗓️ 29 Jul 2025 18:27:40Reported by ibmType

IBM Db2 vulnerable to denial of service due to memory resource mismanagement in specific versions

Reporter	Title	Published	Views	Family All 15
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server	7 Aug 202515:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.	23 Jan 202611:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (August 2025 - Part 2 of 2)	2 Sep 202518:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities	10 Sep 202517:30	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities	30 Jan 202616:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® is vulnerable to denial of service when running federated queries with the certain condition (CVE-2025-36071)	9 Dec 202522:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager	14 Aug 202508:53	–	ibm
Circl	CVE-2025-36071	29 Jul 202519:42	–	circl
CNNVD	IBM Db2 安全漏洞	29 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-36071 IBM Db2 denial of service	29 Jul 202518:27	–	cvelist

NVD

Vulners

Node

ibm db2Range11.5.0–11.5.9linux

ibm db2Range11.5.0–11.5.9unix

ibm db2Range11.5.0–11.5.9windows

ibm db2Range12.1.0–12.1.2linux

ibm db2Range12.1.0–12.1.2unix

ibm db2Range12.1.0–12.1.2windows

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*"
    ],
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "Unix",
      "AIX",
      "z/OS"
    ],
    "product": "IBM Db2",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "11.5.9",
        "status": "affected",
        "version": "11.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "12.1.2",
        "status": "affected",
        "version": "12.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7240955

07 Aug 2025 00:31Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5 - 7.5

EPSS0.00209

SSVC

CWE-772