CVE-2024-49828 Overview
CVE-2024-49828 is a denial of service vulnerability in IBM Db2 for Linux, UNIX and Windows, including Db2 Connect Server. A remote attacker can crash the database server by submitting a specially crafted query. The flaw is associated with CWE-121: Stack-based Buffer Overflow and impacts availability without requiring authentication or user interaction.
The vulnerability affects Db2 versions 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2. IBM has published a fix; the vendor advisory is the IBM Support Page.
Critical Impact
An unauthenticated network attacker can crash the Db2 server with a single crafted query, disrupting database services for all connected applications.
Affected Products
- IBM Db2 for Linux, UNIX and Windows 10.5.0.0 through 10.5.0.11
- IBM Db2 for Linux, UNIX and Windows 11.1.0 through 11.1.4.7
- IBM Db2 for Linux, UNIX and Windows 11.5.0 through 11.5.9 (includes Db2 Connect Server)
- IBM Db2 for Linux, UNIX and Windows 12.1.0 through 12.1.2 (includes Db2 Connect Server)
Discovery Timeline
- 2025-07-29 - CVE-2024-49828 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-49828
Vulnerability Analysis
CVE-2024-49828 is a denial of service flaw classified under CWE-121: Stack-based Buffer Overflow. Processing a specially crafted query causes the Db2 server process to terminate abnormally. Because Db2 typically runs as a centralized service for many applications, a single crash interrupts every dependent workload.
The vulnerability impacts availability only. There is no documented path to code execution, data disclosure, or integrity loss tied to this CVE. The attacker requires network access to the Db2 listener and the ability to submit a query. No authentication or user interaction is required for the crash to occur, which broadens the exposure on database servers reachable from application tiers or internal networks.
Root Cause
The root cause is improper handling of input on the stack during query processing, consistent with the CWE-121 classification. A crafted query drives the parser or query-execution path into a state that corrupts stack memory and terminates the engine. IBM has not published low-level technical details of the affected function or input field.
Attack Vector
The attack vector is network-based. An attacker sends a malicious query to the Db2 instance, typically over the DRDA listener on TCP port 50000 or a configured alternative. The query triggers the stack condition and crashes the database engine, forcing a restart and disconnecting active sessions. No verified public proof of concept is currently available. Refer to the IBM Support Page for vendor-supplied technical details.
Detection Methods for CVE-2024-49828
Indicators of Compromise
- Unexpected Db2 instance crashes or db2sysc process termination followed by automatic restart
- db2diag.log entries showing trap files, signal SIGSEGV, or stack-related diagnostic dumps during query execution
- Repeated short-lived client connections from a single source followed by an engine restart
- Application errors indicating broken database connections coinciding with Db2 service interruptions
Detection Strategies
- Monitor db2diag.log and Db2 trap files (*.trap.txt) for crash signatures correlated with specific client IPs or SQL statements
- Alert on Db2 service restarts and abnormal exits of the db2sysc process through host-based telemetry
- Inspect network logs for unusual DRDA traffic patterns against TCP port 50000 from non-application hosts
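The log-based detection described above, as an added example that is not part of the advisory or IBM's tooling: it scans db2diag.log-style records for crash signatures (SIGSEGV, trap files, stack dumps) and attributes them to the client address carried in the APPID field. The record layout, the dotted-IP APPID form and the sample entries are constructed simplifications, not a verified parser for every Db2 release.

```python
# Added example (not from the IBM advisory): flag crash signatures in
# db2diag.log-style records and group them by client address (APPID).
# The record layout and APPID format are a constructed simplification.
import re
from collections import Counter

# Constructed sample: one benign record and two crash-related records
# from the same client, as would follow a single crash-inducing query.
SAMPLE_DB2DIAG = """\
2025-08-01-10.15.02.101010+000 I1A500  LEVEL: Info
PID : 4242  TID : 1  PROC : db2sysc 0
APPHDL : 0-55  APPID: 10.20.30.40.51000.250801101502
MESSAGE : Query compiled successfully

2025-08-01-10.15.03.202020+000 I2A900  LEVEL: Severe
PID : 4242  TID : 7  PROC : db2sysc 0
APPHDL : 0-56  APPID: 10.20.30.40.51001.250801101503
MESSAGE : Signal #11 (SIGSEGV) received during query execution

2025-08-01-10.15.03.303030+000 I3A700  LEVEL: Severe
PID : 4242  TID : 7  PROC : db2sysc 0
APPHDL : 0-56  APPID: 10.20.30.40.51001.250801101503
MESSAGE : Trap file written: /home/db2inst1/sqllib/db2dump/4242.7.000.trap.txt
"""

# Crash indicators named in the IoC list: SIGSEGV, trap files, stack dumps.
CRASH_RE = re.compile(r"SIGSEGV|Signal #11|trap\.txt|stack dump", re.I)
# APPID as <client-ip>.<port>.<timestamp>; only the IP is extracted.
APPID_RE = re.compile(r"APPID:\s*(\d{1,3}(?:\.\d{1,3}){3})\.(\d+)\.")

def parse_records(text):
    """Split a db2diag-style log into blank-line separated records."""
    return [r for r in re.split(r"\n\s*\n", text.strip()) if r.strip()]

def crash_signals(text):
    """Return {client_ip: count} of Severe records carrying a crash signature."""
    hits = Counter()
    for rec in parse_records(text):
        if "LEVEL: Severe" not in rec or not CRASH_RE.search(rec):
            continue
        m = APPID_RE.search(rec)
        hits[m.group(1) if m else "unknown"] += 1
    return dict(hits)

def suspicious_sources(text, threshold=2):
    """Client IPs whose crash-signature count reaches the alert threshold."""
    return sorted(ip for ip, n in crash_signals(text).items() if n >= threshold)
```

In a SIEM pipeline the same grouping would be done per client IP over a sliding window and joined against db2sysc restart events from host telemetry.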
Monitoring Recommendations
- Forward Db2 diagnostic logs and OS process events into a SIEM or data lake for correlation across instances
- Track query failure rates and connection reset spikes as leading indicators of exploitation attempts
- Validate Db2 version inventory against the affected version ranges in the IBM advisory
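The version-inventory check in the last item, as an added example that is not part of the advisory: it compares a Db2 version string against the affected ranges stated on this page. The ranges are taken as inclusive, and a shorter upper bound such as 11.5.9 is treated as a prefix (so 11.5.9.0 is in range); that prefix interpretation is an assumption of this example, and the remediated fix-pack levels themselves are only given in the IBM advisory.

```python
# Added example (not from the IBM advisory): check a Db2 version against the
# affected ranges listed on this page. Bounds are inclusive; a shorter upper
# bound is treated as a prefix (assumption: "11.5.9" covers 11.5.9.x).
AFFECTED_RANGES = [
    ("10.5.0.0", "10.5.0.11"),
    ("11.1.0", "11.1.4.7"),
    ("11.5.0", "11.5.9"),
    ("12.1.0", "12.1.2"),
]

def parse_version(v):
    """'11.5.9.0' -> (11, 5, 9, 0); raises ValueError on non-numeric parts."""
    return tuple(int(p) for p in v.strip().split("."))

def in_range(version, low, high):
    """Inclusive range check with prefix semantics for a short upper bound."""
    ver, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    # Pad a short version with zeros so "11.5" compares as 11.5.0 against the low bound.
    ver = ver + (0,) * max(0, len(lo) - len(ver))
    if ver < lo:
        return False
    # Compare only as many components as the upper bound specifies.
    return ver[:len(hi)] <= hi

def is_affected(version):
    """True if the version falls inside any affected range on this page."""
    return any(in_range(version, lo, hi) for lo, hi in AFFECTED_RANGES)

def triage(versions):
    """Split an inventory of (host, version) pairs into affected and clear hosts."""
    affected = sorted(h for h, v in versions if is_affected(v))
    clear = sorted(h for h, v in versions if not is_affected(v))
    return affected, clear
```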
How to Mitigate CVE-2024-49828
Immediate Actions Required
- Apply the IBM-supplied fix pack or special build referenced in the IBM Support Page for your Db2 version
- Restrict network access to the Db2 listener so only authorized application servers can reach it
- Enforce authentication and least-privilege roles for all database accounts to reduce attacker reachability
- Enable Db2 auto-restart and capture trap files for post-incident analysis
Patch Information
IBM has released fixes covering the affected Db2 version ranges. Administrators should upgrade to the remediated fix pack identified in the IBM advisory for the 10.5, 11.1, 11.5, and 12.1 lines. The advisory is published at the IBM Support Page.
Workarounds
- Place Db2 servers behind network segmentation and firewall rules that allow only known application-tier source addresses
- Terminate untrusted client sessions and rate-limit anomalous query patterns at a database proxy where available
- Increase logging verbosity in db2diag.log to capture diagnostic data on suspected crash-inducing queries until patches are applied
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

