CVE-2024-45663: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1, 11.5, and 12.1 is vulnerable to a denial of service vulnerability where the server may crash under certain conditions with a specially crafted query. The vulnerability was discovered and disclosed in November 2024, with IBM assigning it a CVSS v3.1 base score of 6.5 (Medium) (IBM Advisory).

The vulnerability is related to improper memory allocation (CWE-789: Memory Allocation with Excessive Size Value) that can be triggered by a specially crafted query. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity, requires low privileges, needs no user interaction, and has a high impact on availability (IBM Advisory).

Successful exploitation of this vulnerability could lead to a denial of service condition where the IBM Db2 server crashes, affecting the availability of database services. The vulnerability has no impact on confidentiality or integrity of the system (NetApp Advisory).

IBM has released special builds containing interim fixes for affected versions. For V11.5, special build #49307 or later for V11.5.8 and special build #50315 or later for V11.5.9 are available. For V12.1, special build #50594 or later has been released. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability (IBM Advisory).