CVE-2021-39056: 
NixOS vulnerability analysis and mitigation

The IBM i Extended Dynamic Remote SQL server (EDRSQL) versions 7.1, 7.2, 7.3, and 7.4 contains a vulnerability that could allow a remote authenticated user to cause a denial of service through specially crafted requests. This vulnerability was assigned CVE-2021-39056 and was disclosed on January 12, 2022 (IBM Security).

The vulnerability has a CVSS Base score of 6.5 (Medium) with the following vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires network access and low privileges to exploit, with no user interaction needed. The impact is limited to availability with no confidentiality or integrity impacts (IBM Security).

If exploited, this vulnerability could allow an authenticated remote attacker to cause a denial of service to the Extended Dynamic Remote SQL server (EDRSQL) component of IBM i systems (IBM Security).

IBM has released fixes for all affected versions through PTFs: SI77996 (Release 7.4), SI77995 (Release 7.3), SI78002 (Release 7.2), and SI78040 (Release 7.1). IBM recommends that all users running unsupported versions upgrade to supported and fixed versions of affected products (IBM Security).