
Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977)

2018-12-12 18:30:01
www.ibm.com

EPSS: 0.001 (Percentile: 44.3%)

Summary

IBM DB2 contains a denial of service vulnerability on Linux System z® platform. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SQL statement with the TRUNCATE scalar functions. This could result in a DB2 server crash; if so, the server would need to be restarted.

Vulnerability Details

CVEID: CVE-2018-1977
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with the TRUNCATE function.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154032> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V11.1 editions on Linux System z® platforms are affected. Other platforms are not affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

The fix for DB2 V11.1 is in V11.1.4.4, available for download from Fix Central.

Release: V11.1
Fixed in fix pack: FP4
APAR: IT25162
Download URL: <http://www.ibm.com/support/docview.wss?uid=ibm10741687>
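A host triage check, added here as an example and not part of the IBM bulletin: it parses the "DB2 vV.R.M.F" token printed by `db2level`, combines it with the machine architecture, and reports whether the instance falls inside the affected range stated above (Db2 V11.1 on Linux on System z, below V11.1.4.4). The sample `db2level` output and its build-identifier tokens are constructed, and the assessment labels are this example's own.

```python
import platform
import re
import subprocess

# Facts from the bulletin: only Db2 V11.1 on Linux on System z (s390x) is
# affected; the fix ships in V11.1.4.4 (Fix Pack 4, APAR IT25162).
AFFECTED_RELEASE = (11, 1)
FIXED_LEVEL = (11, 1, 4, 4)
AFFECTED_ARCH = "s390x"

# Constructed sample of db2level output for a vulnerable instance; the build
# identifier tokens ("s...", "IP...") are placeholders, not real IBM build ids.
SAMPLE_DB2LEVEL = (
    'DB21085I  This instance or install (instance name, where applicable: '
    '"db2inst1") uses "64" bits and DB2 code release "SQL11013" with level '
    'identifier "0204010F".\n'
    'Informational tokens are "DB2 v11.1.3.3", "s1712131208", "IP99999", '
    'and Fix Pack "3".\n'
    'Product is installed at "/opt/ibm/db2/V11.1".\n'
)

def parse_db2_level(db2level_output):
    """Return (version, release, mod, fixpack) from the 'DB2 vV.R.M.F' token, or None."""
    m = re.search(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"', db2level_output)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(level, arch):
    """True when the level/arch pair is inside the bulletin's affected range."""
    if level is None or arch != AFFECTED_ARCH:
        return False            # other platforms are not affected
    if level[:2] != AFFECTED_RELEASE:
        return False            # only the V11.1 release is named
    return level < FIXED_LEVEL  # tuple compare: 11.1.3.3 < 11.1.4.4

def assess(db2level_output, arch):
    """Map an instance to 'affected', 'fixed', 'not_affected' or 'unknown'."""
    level = parse_db2_level(db2level_output)
    if level is None:
        return "unknown"
    if is_affected(level, arch):
        return "affected"
    in_scope = arch == AFFECTED_ARCH and level[:2] == AFFECTED_RELEASE
    return "fixed" if in_scope else "not_affected"

if __name__ == "__main__":
    # Live check: run db2level on this host (needs the Db2 instance environment).
    out = subprocess.run(["db2level"], capture_output=True, text=True).stdout
    print(assess(out, platform.machine()))
```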

Workarounds and Mitigations

None.
