CVE-2020-4135: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 were found to contain a denial of service vulnerability. The vulnerability was assigned CVE-2020-4135 and was discovered in December 2019. This security flaw could allow an unauthenticated user to cause excessive memory usage through specially crafted packets (IBM Security, NVD).

The vulnerability has been assigned a CVSS Base score of 7.5 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high availability impact (NetApp Security).

When successfully exploited, this vulnerability allows attackers to cause a denial of service condition through excessive memory usage, which can lead to the abnormal termination of the DB2 server. The attack affects system availability while maintaining confidentiality and integrity (IBM Security).

IBM has released special builds containing interim fixes for all affected versions. These builds are available based on the most recent fixpack levels: V9.7 FP11, V10.1 FP6, V10.5 FP10, V11.1 FP5, and V11.5 GA. The fixes can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. No workarounds are available (IBM Security).