CVE-2024-31882

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5

Description The issue is a denial of service under specific non-default configurations, where the server may crash when using a specially crafted SQL statement by an authenticated user.

Recommendations For versions 11.1 and 11.5, upgrade the affected components to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the SQL statement functionality until a patch is available. Avoid using specially crafted SQL statements in the affected IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions until the issue is resolved.