IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 for Linux, UNIX, and Windows, including DB2 Connect Server, contain a resource allocation vulnerability (CWE-770). An authenticated user can trigger excessive resource consumption through a specially crafted SQL query, leading to denial of service conditions. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. No official remediation or patch is currently documented.

The vulnerability allows an authenticated user to cause denial of service by exhausting system resources, impacting the availability of the IBM Db2 database service. There is no impact on confidentiality or integrity. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict authenticated user permissions to trusted individuals and monitor for unusual resource consumption patterns related to SQL queries. Avoid running untrusted or unnecessary SQL commands that could trigger resource exhaustion.