CVE-2024-37529: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5 contains a vulnerability that was disclosed on August 14, 2024. The vulnerability allows an authenticated user to cause a denial of service through a specially crafted query due to improper memory allocation. This vulnerability is tracked as CVE-2024-37529 with IBM X-Force ID: 294295 (IBM Advisory).

The vulnerability stems from improper memory allocation in IBM Db2's query processing mechanism. It has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is associated with CWE-789 (Memory Allocation with Excessive Size Value) (NVD).

When successfully exploited, this vulnerability can result in a denial of service condition, potentially affecting the availability of the Db2 database service. The attack requires authentication but no user interaction, making it a significant concern for systems where users have database access privileges (NVD).

IBM has released special builds containing fixes for this vulnerability. For version 11.5.9, Special Build #43682 or later is available. For version 11.5.8, Special Build #43143 or later can be applied. These special builds can be downloaded from Fix Central and applied to any affected fixpack level to remediate the vulnerability (IBM Advisory).