What is CVE-2023-26022?

CVE-2023-26022 is a vulnerability in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) that can lead to a denial of service by causing the server to crash when an Out of Memory occurs using the DBMS_OUTPUT module.

How severe is CVE-2023-26022?

CVE-2023-26022 has a severity value of 7.5, which is considered high.

Which versions of IBM Db2 are affected by CVE-2023-26022?

CVE-2023-26022 affects IBM Db2 versions 10.5, 11.1.4, 11.5, 11.1, and 11.5.8.

How can I fix CVE-2023-26022?

To fix CVE-2023-26022, apply the necessary patches and updates provided by IBM for the affected versions of Db2.

Where can I find more information about CVE-2023-26022?

You can find more information about CVE-2023-26022 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/247868) and the IBM support page (https://www.ibm.com/support/pages/node/6985669).

Vulnerability/
CVE-2023-26022

high

7.5

CWE

24/4/2023

28/4/2023

30/1/2025

CVE-2023-26022: IBM Db2 denial of service

First published: Mon Apr 24 2023(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM DB2 Universal Database	>=11.1<11.1.4
IBM DB2 Universal Database	>=11.5<11.5.8
IBM DB2 Universal Database	=10.5
IBM DB2 Universal Database	=10.5-fp1
IBM DB2 Universal Database	=10.5-fp10
IBM DB2 Universal Database	=10.5-fp2
IBM DB2 Universal Database	=10.5-fp3
IBM DB2 Universal Database	=10.5-fp3a
IBM DB2 Universal Database	=10.5-fp4
IBM DB2 Universal Database	=10.5-fp5
IBM DB2 Universal Database	=10.5-fp6
IBM DB2 Universal Database	=10.5-fp7
IBM DB2 Universal Database	=10.5-fp8
IBM DB2 Universal Database	=10.5-fp9
IBM DB2 Universal Database	=11.1.4
IBM DB2 Universal Database	=11.1.4-fp1
IBM DB2 Universal Database	=11.1.4-fp2
IBM DB2 Universal Database	=11.1.4-fp3
IBM DB2 Universal Database	=11.1.4-fp4
IBM DB2 Universal Database	=11.1.4-fp5
IBM DB2 Universal Database	=11.1.4-fp6
Linux Kernel
Microsoft Windows Operating System

Remedy

https://www.ibm.com/support/pages/node/6985669

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6985669

Frequently Asked Questions

What is CVE-2023-26022?
CVE-2023-26022 is a vulnerability in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) that can lead to a denial of service by causing the server to crash when an Out of Memory occurs using the DBMS_OUTPUT module.
How severe is CVE-2023-26022?
CVE-2023-26022 has a severity value of 7.5, which is considered high.
Which versions of IBM Db2 are affected by CVE-2023-26022?
CVE-2023-26022 affects IBM Db2 versions 10.5, 11.1.4, 11.5, 11.1, and 11.5.8.
How can I fix CVE-2023-26022?
To fix CVE-2023-26022, apply the necessary patches and updates provided by IBM for the affected versions of Db2.
Where can I find more information about CVE-2023-26022?
You can find more information about CVE-2023-26022 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/247868) and the IBM support page (https://www.ibm.com/support/pages/node/6985669).

agent/type
agent/weakness
agent/author
agent/remedy
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/first-publish-date
agent/title
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/source
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm db2 universal database
version/ibm db2 universal database/11.1
version/ibm db2 universal database/11.5
version/ibm db2 universal database/10.5
version/ibm db2 universal database/10.5-fp1
version/ibm db2 universal database/10.5-fp10
version/ibm db2 universal database/10.5-fp2
version/ibm db2 universal database/10.5-fp3
version/ibm db2 universal database/10.5-fp3a
version/ibm db2 universal database/10.5-fp4
version/ibm db2 universal database/10.5-fp5
version/ibm db2 universal database/10.5-fp6
version/ibm db2 universal database/10.5-fp7
version/ibm db2 universal database/10.5-fp8
version/ibm db2 universal database/10.5-fp9
version/ibm db2 universal database/11.1.4
version/ibm db2 universal database/11.1.4-fp1
version/ibm db2 universal database/11.1.4-fp2
version/ibm db2 universal database/11.1.4-fp3
version/ibm db2 universal database/11.1.4-fp4
version/ibm db2 universal database/11.1.4-fp5
version/ibm db2 universal database/11.1.4-fp6
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows operating system