IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7257681 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Feb 2026, 19:57
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.ibm.com/support/pages/node/7257681 - Patch, Vendor Advisory | |
| CPE | cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* |
|
| First Time |
Ibm db2
Ibm |
03 Feb 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination. |
30 Jan 2026, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-30 22:15
Updated : 2026-02-05 19:57
NVD link : CVE-2025-36366
Mitre link : CVE-2025-36366
CVE.ORG link : CVE-2025-36366
JSON object : View
Products Affected
ibm
- db2
CWE
CWE-943
Improper Neutralization of Special Elements in Data Query Logic