CVE-2023-46167

2023-12-0401:15:12

CWE-20

[email protected]

web.nvd.nist.gov

ibm

db2

linux

windows

unix

denial of service

vulnerability

x-force

269367

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.9%

JSON

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

Affected configurations

Nvd

Node

ibmdb2Range11.5.6–11.5.8

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

opengroupunixMatch-

VendorProductVersionCPE
ibmdb2*cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
opengroupunix-cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	*	cpe:2.3:a:ibm:db2::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
opengroup	unix	-	cpe:2.3:o:opengroup:unix:-:::::::*