CVE-2020-4135

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGH
EPSS
0.9%
top 24.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM DB2 FOR Linux- Unix AND WindowsIBM DB2
Timeline
PublishedFeb 19
Latest updateMay 24

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/db2_for_linux-_unix_and_windows5 versions+4
NVDibm/db25 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-f5pg-467w-p7f7: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 92022-05-24
CVEList
CVE-2020-4135: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 92020-02-19
CVE-2020-4135 (HIGH CVSS 7.5) | IBM DB2 for Linux | cvebase.io