IBM Db2 denial of service
CVE-2023-40687

7.5HIGH

Key Information:

Vendor: IBM
Status: Db2 for Linux, UNIX and Windows
Vendor: CVE Published:; 4 December 2023

Summary

IBM DB2 for Linux, UNIX, and Windows, including Db2 Connect Server, is susceptible to a Denial of Service attack when a specially crafted RUNSTATS command is executed on an 8TB table. This exploitation can lead to service interruptions and operational downtime, putting database integrity and availability at risk. Organizations utilizing the affected versions should implement precautions and apply patches as they become available to mitigate potential disruptions.

Affected Version(s)

Db2 for Linux, UNIX and Windows 10.5, 11.1, 11.5

References

https://www.ibm.com/support/pages/node/7087149

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/264809

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
Aug 18, 2023