CVE-2024-31880: IBM Db2 denial of service
Published Jun 11, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service under specific configurations: the server may crash when an authenticated user issues a specially crafted SQL statement.
Affected Software
9 affected components
IBM Db2 10.5.0 - 10.5.11
IBM Db2 11.1.4 - 11.1.4.7
IBM Db2 11.5.0 - 11.5.9
All of the following
  Any of the following
    IBM DB2 >=10.5.0.0 <=10.5.11
    IBM DB2 >=11.1.4 <=11.1.4.7
    IBM DB2 >=11.5 <=11.5.9
  Any of the following
    Linux Linux kernel
    Microsoft Windows
    Opengroup Unix
Event History
Jun 11, 2024
  CVE Published via IBM · 12:00 AM
Oct 23, 2024
  CVE Published via MITRE · 01:09 AM
  Data Sourced via MITRE · 01:09 AM: Description, Severity, Weakness
  Data Sourced via NVD · 02:15 AM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-31880?
CVE-2024-31880 is classified as a denial of service vulnerability affecting specific versions of IBM Db2.
2. How do I fix CVE-2024-31880?
To fix CVE-2024-31880, update IBM Db2 to the latest version that addresses this vulnerability.
3. Which versions of IBM Db2 are affected by CVE-2024-31880?
CVE-2024-31880 affects IBM Db2 versions 10.5, 11.1, and 11.5 under specific configurations.
4. Can CVE-2024-31880 be exploited by unauthenticated users?
No, CVE-2024-31880 can only be exploited by authenticated users using a specially crafted SQL statement.
5. What type of impact does CVE-2024-31880 have on IBM Db2?
CVE-2024-31880 can lead to a denial of service, causing the IBM Db2 server to crash.