CVE-2023-30443

Published: Dec 19, 2024Modified: Jan 31, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

Affected (9)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

9 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Ibm Db2	Version 10.5
Ibm Db2	Version 10.5
Ibm Db2	Version 10.5
Ibm Db2	Version 11.1
Ibm Db2	Version 11.1
Ibm Db2	Version 11.1
Ibm Db2	Version 11.5
Ibm Db2	Version 11.5
Ibm Db2	Version 11.5

Running on/with	Platform Versions
Hp Hp Ux	All versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions
Oracle Solaris	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (1)

https://www.ibm.com/support/pages/node/7010557

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.