VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 8, 2014· Updated May 6, 2026

CVE-2014-6097

CVE-2014-6097

Description

IBM DB2 9.7 and 9.8 are vulnerable to denial of service via a crafted ALTER TABLE statement, causing daemon crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM DB2 9.7 and 9.8 are vulnerable to denial of service via a crafted ALTER TABLE statement, causing daemon crash.

Vulnerability

IBM DB2 versions 9.7 before Fix Pack 10 and 9.8 through Fix Pack 5 on Linux, UNIX, and Windows are vulnerable to a denial-of-service condition. The vulnerability is triggered by a remote authenticated user executing a specially crafted ALTER TABLE statement. The attacker must have control privilege on the target table. [1]

Exploitation

An attacker with valid database credentials and control privilege on a table can send a crafted ALTER TABLE statement to the server. The statement causes the DB2 daemon to terminate abnormally, requiring a restart. No additional user interaction is needed beyond authentication. [1]

Impact

Successful exploitation results in a denial of service: the DB2 server crashes, making the database unavailable until restarted. The impact is limited to availability (CIA: availability only). No data corruption or unauthorized access is described. [1]

Mitigation

The fixed versions are DB2 9.7 Fix Pack 10 and DB2 9.8 Fix Pack 6 (or later). For 9.7, upgrade to FP10; for 9.8, upgrade to FP6. IBM's security bulletin provides details and links to download fixes. No workarounds are mentioned in the reference. [1]

References
  1. Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally. (CVE-2014-6097)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • IBM/Db23 versions
    cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
    • (no CPE)range: 9.7 before FP10, 9.8 through FP5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.