CVE-2024-52894: 
IBM Db2 vulnerability analysis and mitigation

CVE-2024-52894 is a vulnerability affecting IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2. The vulnerability was disclosed on July 29, 2025, and involves a potential denial of service condition where the server may crash under certain conditions when a specially crafted query is executed (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow). The issue affects multiple versions of IBM Db2 across various platforms including Linux, UNIX, and Windows operating systems (IBM Advisory).

When successfully exploited, this vulnerability can result in a denial of service condition where the IBM Db2 server may crash under specific circumstances when processing a specially crafted query. This could lead to service interruption and system unavailability (IBM Advisory).

IBM has released special builds containing interim fixes for affected versions. These builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. The fixes can be downloaded from Fix Central and applied to any affected mod pack level of the appropriate release. Note that after December 31, 2025, versions 11.1 and 10.5 of Db2 will not receive security fixes as they will reach End of Support (IBM Advisory).