CVE-2024-41761

5.3 MEDIUM

📋 TL;DR

IBM Db2 databases on Linux, UNIX, and Windows (including Db2 Connect Server) versions 10.5, 11.1, and 11.5 can be crashed by a specially crafted query, causing denial of service. This affects database administrators and applications relying on these Db2 instances. The vulnerability requires an attacker to have database query execution privileges.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 10.5, 11.1, 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable. The vulnerability is in the core Db2 query processing engine.

⚠️ Risk & Real-World Impact

🔴 Worst Case: A malicious actor with database access crashes a production Db2 server, causing extended downtime for critical applications and data unavailability.

🟠 Likely Case: An accidental or intentional query from an authorized user causes a database service interruption, requiring a restart and potentially causing transaction loss.

🟢 If Mitigated: Limited impact with proper access controls and monitoring, allowing quick detection of and recovery from the service interruption.

🌐 Internet-Facing: MEDIUM - While exploitation requires database credentials, internet-facing Db2 instances with exposed query interfaces could be targeted by credential stuffing or compromised accounts.
🏢 Internal Only: MEDIUM - Internal users with database access could intentionally or accidentally trigger the crash, affecting business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid database credentials to execute queries. The specially crafted query details are not publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory 7175947 for each affected version

Vendor Advisory: https://www.ibm.com/support/pages/node/7175947

Restart Required: Yes

Instructions:

1. Review IBM advisory 7175947 for the specific fix details for your version.
2. Download and apply the appropriate fix pack or interim fix from IBM Fix Central.
3. Restart the Db2 database services.
4. Verify the fix by checking the version and testing query functionality.

🔧 Temporary Workarounds

Restrict Database Access (applies to: all affected versions)

Limit database user privileges to only the functions each account needs and implement strict access controls. For example, revoke execute privilege on procedures a user does not need and grant an application account only the specific privileges it requires (placeholders in angle brackets):

REVOKE EXECUTE ON SPECIFIC PROCEDURE <schema>.<specific_name> FROM USER <user>;
GRANT CONNECT ON DATABASE TO USER <application_user>;

Implement Query Monitoring (applies to: all affected versions)

Monitor and alert on unusual query patterns or resource-intensive queries, for example by inspecting the dynamic SQL statement cache and the database snapshot:

db2pd -db <dbname> -dynamic
db2 get snapshot for database on <dbname>

🧯 If You Can't Patch

  • Implement network segmentation to isolate Db2 servers from untrusted networks
  • Enforce principle of least privilege for all database users and applications

🔍 How to Verify

Check if Vulnerable:

Run db2level; output showing version 10.5, 11.1, or 11.5 without the corresponding fix from IBM advisory 7175947 applied indicates a vulnerable instance.

Check Version:

db2level

Verify Fix Applied:

Verify the version with db2level after patching and ensure the database remains stable during normal query operations.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database crashes or restarts in db2diag.log
  • Error messages related to query processing failures
  • Abnormal termination of db2sysc process

Network Indicators:

  • Sudden drop in database connections
  • Application errors indicating database unavailability

SIEM Query:

source="db2diag.log" AND ("crash" OR "abnormal termination" OR "unexpected shutdown")
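A small defensive check over db2diag.log-style records, added here as an example (it is not code from IBM or from the advisory): it applies the indicator terms from the SIEM query above to multi-line log records and returns the matching ones with their level and process. The record layout is an assumption modelled loosely on db2diag.log, and the sample entries are constructed.

```python
import re

# Constructed sample in the spirit of a db2diag.log (illustrative only; these
# records are not from a real Db2 instance and the layout is an assumption).
SAMPLE_DB2DIAG = """\
2024-09-01-10.15.22.000001+000 I1000E200 LEVEL: Info
PID : 4101 TID : 1 PROC : db2sysc 0
MESSAGE : Database connection established
2024-09-01-10.16.02.000002+000 I1200E300 LEVEL: Severe
PID : 4101 TID : 7 PROC : db2sysc 0
MESSAGE : Abnormal termination of db2sysc while processing a query
2024-09-01-10.16.05.000003+000 I1500E250 LEVEL: Event
PID : 4102 TID : 1 PROC : db2start 0
MESSAGE : Database manager restarted after unexpected shutdown
2024-09-01-10.20.00.000004+000 I1750E200 LEVEL: Info
PID : 4102 TID : 3 PROC : db2sysc 0
MESSAGE : Normal query processing resumed
"""

# Terms from the advisory's SIEM query, matched case-insensitively.
INDICATORS = re.compile(r"crash|abnormal termination|unexpected shutdown", re.I)
# A record starts with a db2diag-style timestamp: YYYY-MM-DD-HH.MM.SS.ffffff+ZZZ
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d{6}[+-]\d{3}\b")


def split_records(text):
    """Group lines into multi-line records, each opened by a timestamped header."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append([line])
        else:
            records[-1].append(line)
    return records


def find_crash_indicators(text):
    """Return (timestamp, level, process, message) for every record that
    mentions one of the crash indicators listed in the advisory."""
    hits = []
    for rec in split_records(text):
        body = "\n".join(rec)
        if not INDICATORS.search(body):
            continue
        level = re.search(r"LEVEL:\s*(\S+)", body)
        proc = re.search(r"PROC\s*:\s*(\S+)", body)
        msg = re.search(r"MESSAGE\s*:\s*(.*)", body)
        hits.append((rec[0].split()[0], level.group(1) if level else "?",
                     proc.group(1) if proc else "?", msg.group(1).strip() if msg else ""))
    return hits
```

Feed the function the contents of the instance's db2diag.log to get the same records the SIEM query would surface, with the process name available for correlating the db2sysc termination indicator.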
