CVE-2025-36366

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.

Affected Software

VendorProductVersion RangeStatus
IBMDb2 for Linux, UNIX and Windows11.5.0 <= 11.5.9affected
IBMDb2 for Linux, UNIX and Windows12.1.0 <= 12.1.3affected

Weaknesses

  • CWE-943: CWE-943

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References