6.5

CVE-2025-1992

IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 SwEdition- Version >= 11.5.0 <= 11.5.9
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-
IbmDb2 Version12.1.0 SwEdition-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-
IbmDb2 Version12.1.1 SwEdition-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.366
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
psirt@us.ibm.com 5.3 1.6 3.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.