Lucene search

IbmCVELIST:CVE-2023-26022

HistoryApr 28, 2023 - 6:26 p.m.

CVE-2023-26022 IBM Db2 denial of service

2023-04-2818:26:55

CWE-20

ibm

www.cve.org

ibm

db2

vulnerability

denial of service

out of memory

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1, 11.1, 11.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/247868

security.netapp.com/advisory/ntap-20230511-0010/

www.ibm.com/support/pages/node/6985669

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

Related for CVELIST:CVE-2023-26022