IBM Db2 for Linux code execution

July 29, 2025 invoker category_cve

CVE Details

Basic Information

Title IBM Db2 for Linux code execution
Type cve
Published 2025-07-29T18:36:58.168Z
Modified 2025-07-29T18:47:12.628Z

Product Information

Vendor IBM
Product Db2
Version 11.5.0

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Analysis

AI Description IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2 are vulnerable to a stack-based buffer overflow in the db2fm component due to improper bounds checking. This allows a local user to execute arbitrary code on the system, posing a significant security risk.
AI Severity High
AI Vendor IBM
AI Product IBM Db2 for Linux
AI Version 12.1.0, 12.1.1, 12.1.2

Affected Products

  • IBM Db2 11.5.0
  • IBM Db2 12.1.0

Additional Information

CWE List CWE-121
Source ibm

Description

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2

is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.