What is the severity of CVE-2023-30991?

The severity of CVE-2023-30991 is high with a severity value of 7.5.

How does CVE-2023-30991 affect IBM Db2?

CVE-2023-30991 affects IBM Db2 for Linux, UNIX, and Windows versions 11.1.4.x and 11.5.x.

How can CVE-2023-30991 be exploited?

CVE-2023-30991 can be exploited using a specially crafted query.

Is there a fix available for CVE-2023-30991?

To fix CVE-2023-30991, update IBM Db2 for Linux, UNIX, and Windows versions 11.1 and 11.5 to the latest available version.

Vulnerability/
CVE-2023-30991

high

7.5

CWE

16/10/2023

2/8/2024

CVE-2023-30991: IBM Db2 denial of service

Q: What is the vulnerability description of CVE-2023-30991?

CVE-2023-30991 is a denial of service vulnerability in IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.1 and 11.5, which can be exploited with a specially crafted query.

First published: Mon Oct 16 2023(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Db2	>=11.5<=11.5.8
Ibm Db2	=11.1.4
Ibm Db2	=11.1.4-fp1
Ibm Db2	=11.1.4-fp2
Ibm Db2	=11.1.4-fp3
Ibm Db2	=11.1.4-fp4
Ibm Db2	=11.1.4-fp5
Ibm Db2	=11.1.4-fp6
Linux Linux kernel
Microsoft Windows
Opengroup Unix
IBM IBM® Db2®	<=11.1.4.x
IBM IBM® Db2®	<=11.5.x
All of
Any of
Ibm Db2	>=11.5<=11.5.8
Ibm Db2	=11.1.4
Ibm Db2	=11.1.4-fp1
Ibm Db2	=11.1.4-fp2
Ibm Db2	=11.1.4-fp3
Ibm Db2	=11.1.4-fp4
Ibm Db2	=11.1.4-fp5
Ibm Db2	=11.1.4-fp6
Any of
Linux Linux kernel
Microsoft Windows
Opengroup Unix

Remedy

https://www.ibm.com/support/pages/node/7047499

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7047499

Frequently Asked Questions

What is the severity of CVE-2023-30991?
The severity of CVE-2023-30991 is high with a severity value of 7.5.
How does CVE-2023-30991 affect IBM Db2?
CVE-2023-30991 affects IBM Db2 for Linux, UNIX, and Windows versions 11.1.4.x and 11.5.x.
What is the vulnerability description of CVE-2023-30991?
CVE-2023-30991 is a denial of service vulnerability in IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.1 and 11.5, which can be exploited with a specially crafted query.
How can CVE-2023-30991 be exploited?
CVE-2023-30991 can be exploited using a specially crafted query.
Is there a fix available for CVE-2023-30991?
To fix CVE-2023-30991, update IBM Db2 for Linux, UNIX, and Windows versions 11.1 and 11.5 to the latest available version.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/title
agent/remedy
agent/last-modified-date
agent/weakness
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
agent/trending
vendor/ibm
canonical/ibm db2
version/ibm db2/11.5
version/ibm db2/11.5.8
version/ibm db2/11.1.4
version/ibm db2/11.1.4-fp1
version/ibm db2/11.1.4-fp2
version/ibm db2/11.1.4-fp3
version/ibm db2/11.1.4-fp4
version/ibm db2/11.1.4-fp5
version/ibm db2/11.1.4-fp6
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/opengroup
canonical/opengroup unix
canonical/ibm ibm® db2®
version/ibm ibm® db2®/11.1.4.x
version/ibm ibm® db2®/11.5.x