Skip to main content

Db2 CVE-2025-36407

MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-01-30 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
Patch released
Feb 09, 2026 - 15:16 nvd
Patch available
CVE Published
Jan 30, 2026 - 22:15 nvd
MEDIUM 6.5

DescriptionCVE.org

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.

AnalysisAI

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. [CVSS 6.5 MEDIUM]

Technical ContextAI

Affects Db2. IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More in Db2

View all
CVE-2012-4826 HIGH
8.5 Oct 20

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IB

CVE-2017-1297 HIGH POC
7.3 Jun 27

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-bas

CVE-2014-3094 HIGH
8.5 Sep 04

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux

CVE-2012-1797 CRITICAL
10.0 Mar 20

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. Rated critic

CVE-2026-10109 CRITICAL
9.8 Jun 30

Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary co

CVE-2012-2197 HIGH
7.1 Jul 25

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7

CVE-2012-3324 CRITICAL
9.0 Sep 25

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows re

CVE-2018-1426 CRITICAL
9.1 Mar 22

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system

CVE-2012-0711 HIGH
7.5 Mar 20

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.

CVE-2013-6744 HIGH
8.5 May 30

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows a

CVE-2015-1935 HIGH
8.0 Jul 20

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 o

CVE-2023-27869 HIGH
8.8 Jul 10

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker

Share

CVE-2025-36407 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy