CWE-467
Use of sizeof() on a Pointer Type
The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.
CVE-2025-33132 (GCVE-0-2025-33132)
Vulnerability from cvelistv5
Published
2025-10-27 23:57
Modified
2025-10-28 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-467 - Use of sizeof() on a Pointer Type
Summary
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DB2 High Performance Unload |
Version: 6.1.0.3 Version: 5.1.0.1 Version: 6.1.0.2 Version: 6.5 Version: 6.5.0.0 IF1 Version: 6.1.0.1 Version: 6.1 Version: 5.1 cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:5.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0.0:interm_fix1:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0.0:if1:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_high_performance_unload:5.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T13:53:17.971219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T13:53:31.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:5.1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0.0:interm_fix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.5.0.0:if1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_high_performance_unload:5.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DB2 High Performance Unload",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.5.0.0 IF1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.\u003c/p\u003e"
}
],
"value": "IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-467",
"description": "CWE-467 Use of sizeof() on a Pointer Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T23:57:12.201Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249336"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Please download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fixes to common vulnerabilities found in IBM Db2 High Performance Unload",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33132",
"datePublished": "2025-10-27T23:57:12.201Z",
"dateReserved": "2025-04-15T17:51:11.506Z",
"dateUpdated": "2025-10-28T13:53:31.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Use expressions such as "sizeof(*pointer)" instead of "sizeof(pointer)", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.
No CAPEC attack patterns related to this CWE.