CVE-2021-29763

EPSS 0.06%
Published 16.09.2021 16:15:08
Last modified 21.11.2024 06:01:45
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Db2 Version11.1 SwPlatform-

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-
   Opengroup ≫ Unix Version-
   Oracle ≫ Solaris Version- HwPlatform-

Ibm ≫ Db2 Version11.5 SwPlatform-

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-
   Opengroup ≫ Unix Version-
   Oracle ≫ Solaris Version- HwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	1.4	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P
psirt@us.ibm.com	5.1	1.4	3.6	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://exchange.xforce.ibmcloud.com/vulnerabilities/202267

Vendor Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20211029-0005/

Third Party Advisory

https://www.ibm.com/support/pages/node/6489493

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29763

EUVD