CVE-2024-35152

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM Db2 allows authenticated users to cause denial of service through specially crafted queries that trigger improper memory allocation. It affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) version 11.5. Attackers need database credentials to exploit this issue.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated database access; all configurations with vulnerable versions are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service disruption requiring a restart, potentially affecting all applications that depend on the Db2 instance.

🟠 Likely Case: Temporary service degradation or a crash of specific database processes, requiring manual intervention to restore functionality.

🟢 If Mitigated: Minimal impact with query validation, memory monitoring, and restricted user privileges in place.

🌐 Internet-Facing: MEDIUM - While authentication is required, internet-facing Db2 instances with exposed credentials could be targeted.
🏢 Internal Only: HIGH - Authenticated users (including compromised accounts or malicious insiders) can exploit this from within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires only authenticated access and ability to execute crafted queries.

Exploitation requires database credentials; no public exploit code has been disclosed as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix pack as specified in IBM advisory (specific version depends on fix pack level)

Vendor Advisory: https://www.ibm.com/support/pages/node/7165342

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific fix pack requirements.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix pack following the IBM Db2 installation procedures.
4. Restart Db2 services to complete the installation.

🔧 Temporary Workarounds

Restrict Query Execution Privileges

Applies to: all

Limit which users can execute complex queries or use potentially dangerous SQL functions. In Db2, REVOKE on a routine must name the routine and carries the RESTRICT keyword:

REVOKE EXECUTE ON PROCEDURE <procname> FROM USER <username> RESTRICT;
REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLE <tablename> FROM USER <username>;

Implement Query Monitoring

Applies to: all

Monitor for unusual query patterns or memory-intensive operations.

db2pd -db <dbname> -dynamic
db2 get snapshot for database on <dbname>

🧯 If You Can't Patch

  • Implement strict access controls to limit authenticated users who can execute queries
  • Deploy network segmentation to isolate Db2 servers and monitor for anomalous query patterns

🔍 How to Verify

Check if Vulnerable:

If the db2level output shows version 11.5 without the fix pack named in the IBM advisory, the instance is vulnerable.

Check Version:

db2level

Verify Fix Applied:

After the fix pack is installed, db2level should report the fix pack level that the IBM advisory lists as remediated.
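The version check above can be scripted across a fleet of instances. The following is an added example, not IBM's code and not part of this advisory: it parses the "Informational tokens" line that db2level prints, extracts the "DB2 vX.Y.Z.W" token, and compares it against the fixed level. The sample output is constructed, and FIXED_VERSION_PLACEHOLDER is a deliberately unreal placeholder that must be replaced with the fix pack level given in the IBM advisory; an unparseable version is treated as vulnerable.

```python
import re
from typing import Optional, Tuple

# Constructed sample modelled on the lines db2level prints; the build
# identifiers and install path are illustrative, not a real fix pack level.
SAMPLE_DB2LEVEL = '''DB21085I  This instance or install (instance name, where applicable: "db2inst1") uses "64" bits and DB2 code release "SQL11050" with level identifier "0601010F".
Informational tokens are "DB2 v11.5.0.0", "s1906101300", "DYN1906101300AMD64", and Fix Pack "0".
Product is installed at "/opt/ibm/db2/V11.5".
'''

# PLACEHOLDER: set this to the fix pack level that the IBM advisory
# (https://www.ibm.com/support/pages/node/7165342) names as remediated.
# 11.5.99.0 is an intentionally unreal value so the placeholder is obvious.
FIXED_VERSION_PLACEHOLDER: Tuple[int, ...] = (11, 5, 99, 0)


def parse_db2level(output: str) -> Optional[Tuple[int, ...]]:
    """Return the DB2 vX.Y.Z.W token as an integer tuple, or None if absent."""
    m = re.search(r'"DB2 v(\d+(?:\.\d+)*)"', output)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: Optional[Tuple[int, ...]],
                  fixed: Tuple[int, ...] = FIXED_VERSION_PLACEHOLDER) -> bool:
    """True when the instance is on the 11.5 stream below the fixed level.

    An unknown version fails closed (reported as vulnerable) so that a
    scanner never silently skips a host whose output it could not parse.
    """
    if version is None:
        return True
    if version[:2] != (11, 5):
        return False  # other release streams are outside this advisory's scope
    # Pad a short token such as "11.5" so tuple comparison is positional.
    padded = version + (0,) * (len(fixed) - len(version))
    return padded < fixed


def check_instance(db2level_output: str) -> bool:
    """Convenience wrapper: feed the raw db2level output, get a verdict."""
    return is_vulnerable(parse_db2level(db2level_output))


if __name__ == "__main__":
    verdict = "VULNERABLE" if check_instance(SAMPLE_DB2LEVEL) else "patched"
    print(f"parsed {parse_db2level(SAMPLE_DB2LEVEL)} -> {verdict}")
```

On a real host, capture db2level from the instance owner's shell (for example `db2level > /tmp/level.txt` as that user) and pass the file contents to check_instance.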

📡 Detection & Monitoring

Log Indicators:

  • Database crash logs
  • Memory allocation errors in db2diag.log
  • Abnormal query termination events

Network Indicators:

  • Sudden drop in database connections
  • Increased failed authentication attempts preceding DoS

SIEM Query:

source="db2diag.log" AND ("memory allocation" OR "out of memory" OR "SIGSEGV")
