PT-2021-18418 · Ibm · Db2
Published
2021-06-16
·
Updated
2021-09-20
·
CVE-2021-29702
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1.4 and 11.5.5
Description
The issue allows for a denial of service, causing the server to terminate abnormally when it executes a specially crafted SELECT statement.
Recommendations
For version 11.1.4, update to a version that includes the fix for this issue.
For version 11.5.5, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the execution of specially crafted SELECT statements until a patch is available.
Fix
DoS
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Db2