First published: Tue Jun 15 2021
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | >=11.1, <=11.1.4 | |
IBM Db2 | >=11.5, <=11.5.5.0 | |
IBM AIX | | |
Linux kernel | | |
Microsoft Windows | | |
CVE-2021-29702 is a vulnerability in Db2 for Linux, UNIX and Windows that allows an attacker to launch a denial of service attack by executing a specially crafted SELECT statement.
Db2 versions 11.1.4 and 11.5.5 are affected by CVE-2021-29702.
CVE-2021-29702 has a severity rating of 7.5 (high).
IBM AIX, the Linux kernel and Microsoft Windows are not vulnerable to CVE-2021-29702.
IBM has released patches and updates for Db2 to address the vulnerability. It is recommended to update to the latest version of Db2.