Main Vulnerability Database SB2026012675

SB2026012675 - IBM Db2 Big SQL on Cloud Pak for Data update for NPM package braces

Published: January 26, 2026

Security Bulletin ID SB2026012675

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-4068)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. A remote attacker can send "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7257978