IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.
Weakness
The product does not release or incorrectly releases a resource before it is made available for re-use.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2 | Ibm | 9.7.0.0 (including) | 9.7.0.0 (including) |
| Db2 | Ibm | 10.1.0.0 (including) | 10.1.0.0 (including) |
| Db2 | Ibm | 10.5.0.0 (including) | 10.5.0.0 (including) |
| Db2 | Ibm | 11.1.0.0 (including) | 11.1.0.0 (including) |
| Db2 | Ibm | 11.5.0.0 (including) | 11.5.0.0 (including) |
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/125.html
- https://cwe.mitre.org/data/definitions/130.html
- https://cwe.mitre.org/data/definitions/131.html
- https://cwe.mitre.org/data/definitions/494.html
- https://cwe.mitre.org/data/definitions/495.html
- https://cwe.mitre.org/data/definitions/496.html
- https://cwe.mitre.org/data/definitions/666.html