What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2023-26021.

What is the severity of CVE-2023-26021?

The severity of CVE-2023-26021 is high, with a severity value of 7.5.

Which software versions are affected by CVE-2023-26021?

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) versions 11.1 and 11.5 are affected.

Where can I find more information about CVE-2023-26021?

You can find more information about CVE-2023-26021 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/247864), [Link 2](https://security.netapp.com/advisory/ntap-20230511-0010/), [Link 3](https://www.ibm.com/support/pages/node/6985681).

Vulnerability/
CVE-2023-26021

high

7.5

CWE

24/4/2023

28/4/2023

30/1/2025

CVE-2023-26021: IBM Db2 denial of service

Q: How can the vulnerability be exploited?

The vulnerability can be exploited by compiling a specially crafted SQL query using a LIMIT clause, which may cause the server to crash.

First published: Mon Apr 24 2023(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM DB2 Universal Database	>=11.1<11.1.4
IBM DB2 Universal Database	>=11.5<11.5.8
IBM DB2 Universal Database	=11.1.4
IBM DB2 Universal Database	=11.1.4-fp1
IBM DB2 Universal Database	=11.1.4-fp2
IBM DB2 Universal Database	=11.1.4-fp3
IBM DB2 Universal Database	=11.1.4-fp4
IBM DB2 Universal Database	=11.1.4-fp5
IBM DB2 Universal Database	=11.1.4-fp6
Linux Kernel
Microsoft Windows Operating System

Remedy

https://www.ibm.com/support/pages/node/6985681

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6985681

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-26021.
What is the severity of CVE-2023-26021?
The severity of CVE-2023-26021 is high, with a severity value of 7.5.
Which software versions are affected by CVE-2023-26021?
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) versions 11.1 and 11.5 are affected.
How can the vulnerability be exploited?
The vulnerability can be exploited by compiling a specially crafted SQL query using a LIMIT clause, which may cause the server to crash.
Where can I find more information about CVE-2023-26021?
You can find more information about CVE-2023-26021 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/247864), [Link 2](https://security.netapp.com/advisory/ntap-20230511-0010/), [Link 3](https://www.ibm.com/support/pages/node/6985681).

agent/type
agent/weakness
agent/author
agent/remedy
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/first-publish-date
agent/description
agent/source
agent/title
agent/last-modified-date
agent/references
agent/severity
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm db2 universal database
version/ibm db2 universal database/11.1
version/ibm db2 universal database/11.5
version/ibm db2 universal database/11.1.4
version/ibm db2 universal database/11.1.4-fp1
version/ibm db2 universal database/11.1.4-fp2
version/ibm db2 universal database/11.1.4-fp3
version/ibm db2 universal database/11.1.4-fp4
version/ibm db2 universal database/11.1.4-fp5
version/ibm db2 universal database/11.1.4-fp6
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows operating system