CVE-2025-33092
published 2025-07-29CVE-2025-33092: IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | db2 | — | — |
| ibm | db2 | — | — |
| ibm | db2 | — | — |
| ibm | db2 | 11.5.0 – 11.5.9 | — |
| ibm | db2 | 12.1.0 – 12.1.2 | — |