CVE-2025-36006
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Db2 | 10.5.0 <= 10.5.11 | affected |
| IBM | Db2 | 11.1.0 <= 11.1.4.7 | affected |
| IBM | Db2 | 11.5.0 <= 11.5.9 | affected |
| IBM | Db2 | 12.1.0 <= 12.1.3 | affected |
Weaknesses
- CWE-404: CWE-404 Improper Resource Shutdown or Release
Workarounds
Workarounds and Mitigations For JCC applications, set queryCloseImplicit property to 2 for the connections. For, CLI and ODBC applications, set SQL_ATTR_EARLYCLOSE property to SQL_EARLYCLOSE_OFF for the statements. Manually recycle connections either by forcing the application handles or by making an application side change (a refresh of the connection pool). You can find the application handles that use most FCM buffers by running db2pd -fcm -member x (look for the highest buffer consumer) and then force.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.