Lucene search

IbmVULNRICHMENT:CVE-2024-35152

HistoryAug 14, 2024 - 5:40 p.m.

CVE-2024-35152 IBM Db2 denial of service

2024-08-1417:40:25

CWE-789

ibm

github.com

ibm

db2

denial of service

vulnerability

memory allocation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*"
    ],
    "vendor": "IBM",
    "product": "Db2 for Linux, UNIX and Windows",
    "versions": [
      {
        "status": "affected",
        "version": "11.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/292639

www.ibm.com/support/pages/node/7165342

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-35152