IBM DB2 contains a denial of service vulnerability on the Linux on System z® platform. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SQL statement that uses the TRUNCATE scalar function. This could result in a DB2 server crash; if so, the server would need to be restarted.
CVEID: CVE-2018-1977
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement that uses the TRUNCATE function.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154032> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
All fix pack levels of IBM Db2 V11.1 editions on Linux System z® platforms are affected. Other platforms are not affected.
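The following script is an added example, not part of the IBM bulletin, for checking whether a Db2 instance falls inside the affected range stated above (Db2 V11.1 below V11.1.4.4, on Linux on System z, i.e. an s390x machine). It parses the "Informational tokens" line of `db2level` output; the sample output embedded below is constructed to match the documented format and is not from a real system, and the helper names are this example's own.

```python
import platform
import re
import subprocess
from typing import Optional, Tuple

# Constructed sample of `db2level` output (placeholder token values in the
# documented format, not captured from a real instance).
SAMPLE_DB2LEVEL = (
    'DB21085I  This instance or install (instance name, where applicable: '
    '"db2inst1") uses "64" bits and DB2 code release "SQL11013" with level '
    'identifier "0204010F".\n'
    'Informational tokens are "DB2 v11.1.3.3", "s1801111005", '
    '"DYN1801111005S390X", and Fix Pack "3".\n'
    'Product is installed at "/opt/ibm/db2/V11.1".\n'
)

# First fixed level per the bulletin's fix table (V11.1.4.4).
FIXED_VERSION: Tuple[int, int, int, int] = (11, 1, 4, 4)

# Only Linux on IBM Z builds are affected; that platform reports s390x.
AFFECTED_MACHINE = "s390x"


def parse_db2level(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (version, release, mod, fixpack) from db2level output.

    Returns None when no "DB2 vA.B.C.D" token is present.
    """
    m = re.search(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"', text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_affected(version: Tuple[int, int, int, int], machine: str) -> bool:
    """True if this level is inside the bulletin's affected range.

    Affected: Db2 V11.1 on s390x at any level below V11.1.4.4. Other
    platforms and other Db2 release families are out of scope per the bulletin.
    """
    if machine != AFFECTED_MACHINE:
        return False
    if version[:2] != (11, 1):
        return False
    # Tuple comparison is lexicographic, so (11, 1, 3, 3) < (11, 1, 4, 4).
    return version < FIXED_VERSION


def assess(text: str, machine: str) -> str:
    """Human-readable verdict for a db2level dump and a uname -m machine string."""
    version = parse_db2level(text)
    if version is None:
        return "could not find a DB2 version token in db2level output"
    level = "V" + ".".join(str(n) for n in version)
    if is_affected(version, machine):
        return f"{level} on {machine}: AFFECTED by CVE-2018-1977, apply V11.1.4.4 (APAR IT25162)"
    return f"{level} on {machine}: not in the affected range"


def run_db2level() -> str:
    """Run the real `db2level` if present, otherwise fall back to the sample."""
    try:
        return subprocess.run(["db2level"], capture_output=True, text=True,
                              check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_DB2LEVEL


if __name__ == "__main__":
    print(assess(run_db2level(), platform.machine()))
```

On a real host run this as the instance owner so `db2level` is on PATH; without it the script falls back to the constructed sample, which reports as affected.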
The recommended solution is to apply the appropriate fix for this vulnerability.
FIX:
The fix for DB2 V11.1 is in V11.1.4.4, available for download from Fix Central.
Release | Fixed in fix pack | APAR | Download URL |
---|---|---|---|
V11.1 | FP4 | IT25162 | <http://www.ibm.com/support/docview.wss?uid=ibm10741687> |
None.