CVE-2024-51473 – IBM Db2 database servers are vulnerable to deni... (How to Fix)

Q: What is the severity of CVE-2024-51473?

CVE-2024-51473 has a CVSS score of 6.5 (MEDIUM). IBM Db2 database servers are vulnerable to denial of service attacks where a specially crafted query can cause the server to crash. This affects Db2 versions 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 on Linux, UNIX, and Windows systems.

📋 TL;DR

IBM Db2 database servers are vulnerable to denial of service attacks where a specially crafted query can cause the server to crash. This affects Db2 versions 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 on Linux, UNIX, and Windows systems.

💻 Affected Systems

Products:

IBM Db2 for Linux, UNIX and Windows
IBM Db2 Connect Server

Versions: 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2

Operating Systems: Linux, UNIX, Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All standard configurations are vulnerable. The vulnerability is in the core query processing engine.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database server crash leading to extended downtime and service disruption for all applications relying on the database.

🟠

Likely Case

Temporary service interruption requiring database restart, potentially causing application errors and brief downtime.

🟢

If Mitigated

Minimal impact with proper query validation and monitoring that can detect and block malicious queries before they reach the database.

🌐 Internet-Facing: MEDIUM - Internet-facing Db2 instances are at risk if query interfaces are exposed, but most production deployments have additional network protections.

🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this vulnerability to disrupt database services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires database access credentials to execute queries. The specific query structure needed to trigger the crash is not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory APAR IJ51830

Vendor Advisory: https://www.ibm.com/support/pages/node/7240944

Restart Required: Yes

Instructions:

1. Review IBM advisory APAR IJ51830. 2. Download appropriate fix pack for your Db2 version. 3. Apply fix following IBM installation procedures. 4. Restart Db2 services.

🔧 Temporary Workarounds

Query Filtering

all

Implement application-level query validation to reject suspicious or malformed queries before they reach the database.

Network Segmentation

all

Restrict database access to only trusted application servers and administrators.

🧯 If You Can't Patch

Implement strict database user privilege management to minimize accounts with query execution permissions.
Deploy database activity monitoring to detect and alert on unusual query patterns or crash events.

🔍 How to Verify

Check if Vulnerable:

Check Db2 version using 'db2level' command and compare against affected version ranges.

Check Version:

db2level | grep 'Product level'

Verify Fix Applied:

Verify fix by checking version after patch installation and confirming no crashes occur with normal query workloads.

📡 Detection & Monitoring

Log Indicators:

Db2 crash logs
Unexpected service termination events
Error messages related to query processing failures

Network Indicators:

Unusual query patterns from single sources
Multiple connection attempts followed by service disruption

SIEM Query:

source="db2*" AND ("crash" OR "abnormal termination" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2024-51473

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.07% exploit probability (21.4th percentile)

Published: July 29, 2025

Last Updated: August 13, 2025

🔗 References

https://www.ibm.com/support/pages/node/7240944 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-51473, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

Db2 by Ibm

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Query Filtering

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities