CVE-2020-4204: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow vulnerability identified as CVE-2020-4204. The vulnerability is caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges (IBM Security).

The vulnerability has been assigned a CVSS Base score of 8.4 with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from improper bounds checking in the DB2 database system, which could be exploited by a local authenticated user (IBM Security).

If successfully exploited, this vulnerability allows a local attacker to execute arbitrary code with root privileges on the affected system. This means an attacker could gain complete control over the system, potentially accessing, modifying, or destroying sensitive data and executing malicious commands with the highest system privileges (IBM Security).

IBM has released fixes for various versions of DB2. The fix for DB2 V10.5 is available in V10.5.0.11. For other versions, special builds containing interim fixes are available based on the most recent fixpack level: V9.7 FP11, V10.1 FP6, V10.5 FP10, 11.1 FP5, and V11.5 GA. These special builds can be applied to any affected fixpack level of the appropriate release (IBM Security).