What is CVE-2023-35012?

CVE-2023-35012 is a vulnerability in IBM Db2 for Linux, UNIX, and Windows 11.5 with a Federated configuration that allows a local user with SYSADM privileges to overflow a buffer and execute arbitrary code on the system.

How does CVE-2023-35012 affect IBM Db2?

CVE-2023-35012 affects IBM Db2 for Linux, UNIX, and Windows 11.5 with a Federated configuration.

What is the severity of CVE-2023-35012?

CVE-2023-35012 has a severity rating of 6.7, which is considered medium.

How can the CVE-2023-35012 vulnerability be exploited?

The CVE-2023-35012 vulnerability can be exploited by a local user with SYSADM privileges to overflow a buffer and execute arbitrary code on the system.

How can I fix the CVE-2023-35012 vulnerability?

To fix the CVE-2023-35012 vulnerability, update IBM Db2 for Linux, UNIX, and Windows to version 11.5.7 with special build level s2211170548 or 11.5.8 with special build level s2211250928 or later.

Vulnerability/
CVE-2023-35012

medium

6.7

CWE

119 787 121

10/7/2023

17/7/2023

5/11/2024

CVE-2023-35012: IBM Db2 code execution

First published: Mon Jul 10 2023(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM IBM® Db2®	=11.5
IBM AIX
Linux Linux kernel
Microsoft Windows
IBM IBM® Db2®	<=11.5.7 with special build level before s2211170548. The problem first fixed in s2211170548. 11.5.8 with special build level before s2211250928 . The problem first fixed in s2211250928.
All of
Ibm Db2	=11.5
Any of
IBM AIX
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7010747

Frequently Asked Questions

What is CVE-2023-35012?
CVE-2023-35012 is a vulnerability in IBM Db2 for Linux, UNIX, and Windows 11.5 with a Federated configuration that allows a local user with SYSADM privileges to overflow a buffer and execute arbitrary code on the system.
How does CVE-2023-35012 affect IBM Db2?
CVE-2023-35012 affects IBM Db2 for Linux, UNIX, and Windows 11.5 with a Federated configuration.
What is the severity of CVE-2023-35012?
CVE-2023-35012 has a severity rating of 6.7, which is considered medium.
How can the CVE-2023-35012 vulnerability be exploited?
The CVE-2023-35012 vulnerability can be exploited by a local user with SYSADM privileges to overflow a buffer and execute arbitrary code on the system.
How can I fix the CVE-2023-35012 vulnerability?
To fix the CVE-2023-35012 vulnerability, update IBM Db2 for Linux, UNIX, and Windows to version 11.5.7 with special build level s2211170548 or 11.5.8 with special build level s2211250928 or later.

collector/nvd-latest
collector/nvd-index
agent/author
agent/type
agent/first-publish-date
agent/references
agent/softwarecombine
agent/description
agent/title
agent/severity
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/ibm
canonical/ibm ibm® db2®
version/ibm ibm® db2®/11.5
canonical/ibm aix
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
version/ibm ibm® db2®/11.5.7 with special build level before s2211170548. the problem first fixed in s2211170548. 11.5.8 with special build level before s2211250928 . the problem first fixed in s2211250928.
canonical/ibm db2
version/ibm db2/11.5