Vulnerability Details : CVE-2021-29763
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2021-29763
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-29763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P |
3.4
|
2.9
|
NIST |
5.1
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4
|
3.6
|
IBM Corporation |
5.1
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
1.4
|
3.6
|
NIST |
CWE ids for CVE-2021-29763
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-29763
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/202267
IBM Db2 denial of service CVE-2021-29763 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20211029-0005/
September 2021 IBM Db2 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://www.ibm.com/support/pages/node/6489493
Security Bulletin: IBM® Db2® under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. (CVE-2Vendor Advisory
Products affected by CVE-2021-29763
- cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:*:-:*:*