CVE-2021-29763

EPSS 0.06%
Veröffentlicht 16.09.2021 16:15:08
Zuletzt bearbeitet 21.11.2024 06:01:45
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Db2 Version11.1 SwPlatform-

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-
   Opengroup ≫ Unix Version-
   Oracle ≫ Solaris Version- HwPlatform-

Ibm ≫ Db2 Version11.5 SwPlatform-

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-
   Opengroup ≫ Unix Version-
   Oracle ≫ Solaris Version- HwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	1.4	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P
psirt@us.ibm.com	5.1	1.4	3.6	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://exchange.xforce.ibmcloud.com/vulnerabilities/202267

Vendor Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20211029-0005/

Third Party Advisory

https://www.ibm.com/support/pages/node/6489493

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29763

EUVD