CVE-2024-52903: IBM Db2 denial of service
Published May 1, 2025
·Updated
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Affected Software
6 affected components
IBM DB2>=12.1.0<=12.1.1
IBM IBM® Db2®<=12.1.0 - 12.1.1
All of the following
IBM DB2>=12.1.0<=12.1.1
Any of the following
Linux Linux kernel
Microsoft Windows
Opengroup Unix
Remediation
Information
Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability.
Event History
May 1, 2025
CVE Published
via MITRE·10:15 PM
Data Sourced
via MITRE·10:15 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Aug 12, 2025
Data Sourced
via IBM·02:15 AM
DescriptionAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-52903?
CVE-2024-52903 has a severity rating of high due to its potential to cause a denial of service by crashing the IBM Db2 server.
2
How do I fix CVE-2024-52903?
To mitigate CVE-2024-52903, users should upgrade to IBM Db2 versions beyond 12.1.1 that have addressed this vulnerability.
3
What versions of IBM Db2 are affected by CVE-2024-52903?
CVE-2024-52903 affects IBM Db2 versions 12.1.0 and 12.1.1.
4
What type of vulnerability is CVE-2024-52903?
CVE-2024-52903 is classified as a denial of service vulnerability that can cause the server to crash.
5
How can I determine if my system is vulnerable to CVE-2024-52903?
You can determine vulnerability by checking if your IBM Db2 version is 12.1.0 or 12.1.1 and testing for potential crash conditions with crafted queries.