The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450
https://exchange.xforce.ibmcloud.com/vulnerabilities/73496
http://www-01.ibm.com/support/docview.wss?uid=swg21588098
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837