First published: Fri Jul 07 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =10.5.0.11 | |
IBM Db2 | =11.1.4.7 | |
IBM IBM® Db2® | =11.5 | |
HP HP-UX | | |
IBM AIX | | |
Linux Linux kernel | | |
Microsoft Windows | | |
Oracle Solaris | | |
 | <=10.5.0.11 | |
 | <=11.1.4.7 | |
 | <=11.5.x | |
CVE-2023-30431 is a vulnerability in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5, where db2set is vulnerable to a buffer overflow.
The severity of CVE-2023-30431 is 8.4 (high).
CVE-2023-30431 is caused by improper bounds checking in the db2set command, allowing an attacker to overflow the buffer and execute arbitrary code.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 are affected by CVE-2023-30431.
To fix CVE-2023-30431, apply the necessary security patches provided by IBM.