CVE-2024-41761

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5 through 11.5

Description The issue is related to a denial of service condition where the server may crash under certain conditions when processing a specially crafted query. This is due to an uncontrolled memory allocation in the Query Handler.

Recommendations For versions 10.5, 11.1, and 11.5, upgrade the affected components immediately to mitigate the threats. As a temporary workaround, consider restricting the use of specially crafted queries until a patch is available. Avoid using the Query Handler with untrusted input until the issue is resolved.