What is the vulnerability ID for this IBM Db2 vulnerability?

The vulnerability ID for this IBM Db2 vulnerability is CVE-2023-38720.

What is the severity of the IBM Db2 vulnerability with the ID CVE-2023-38720?

The severity of the IBM Db2 vulnerability with the ID CVE-2023-38720 is medium.

How can the IBM Db2 vulnerability with the ID CVE-2023-38720 be exploited?

The IBM Db2 vulnerability with the ID CVE-2023-38720 can be exploited by sending a specially crafted ALTER TABLE statement, leading to a denial of service condition.

What is the affected software for the IBM Db2 vulnerability with the ID CVE-2023-38720?

The affected software for the IBM Db2 vulnerability with the ID CVE-2023-38720 includes IBM Db2 for Linux, UNIX, and Windows versions 11.5 and 11.5, including Db2 Connect Server.

How can I mitigate the IBM Db2 vulnerability with the ID CVE-2023-38720?

To mitigate the IBM Db2 vulnerability with the ID CVE-2023-38720, apply the necessary security patches provided by IBM or upgrade to a non-vulnerable version.

Vulnerability/
CVE-2023-38720

high

7.5

CWE

16/10/2023

2/8/2024

CVE-2023-38720: IBM Db2 denial of service

First published: Mon Oct 16 2023(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Db2	>=11.5<11.5.8
Ibm Db2	=11.1.4
Ibm Db2	=11.1.4-fp1
Ibm Db2	=11.1.4-fp2
Ibm Db2	=11.1.4-fp3
Ibm Db2	=11.1.4-fp4
Ibm Db2	=11.1.4-fp5
Ibm Db2	=11.1.4-fp6
Linux Linux kernel
Microsoft Windows
Opengroup Unix
All of
Any of
Ibm Db2	>=11.5<11.5.8
Ibm Db2	=11.1.4
Ibm Db2	=11.1.4-fp1
Ibm Db2	=11.1.4-fp2
Ibm Db2	=11.1.4-fp3
Ibm Db2	=11.1.4-fp4
Ibm Db2	=11.1.4-fp5
Ibm Db2	=11.1.4-fp6
Any of
Linux Linux kernel
Microsoft Windows
Opengroup Unix
	<=11.1.4.x
	<=11.5.x

Remedy

https://www.ibm.com/support/pages/node/7047489

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7047489

Frequently Asked Questions

What is the vulnerability ID for this IBM Db2 vulnerability?
The vulnerability ID for this IBM Db2 vulnerability is CVE-2023-38720.
What is the severity of the IBM Db2 vulnerability with the ID CVE-2023-38720?
The severity of the IBM Db2 vulnerability with the ID CVE-2023-38720 is medium.
How can the IBM Db2 vulnerability with the ID CVE-2023-38720 be exploited?
The IBM Db2 vulnerability with the ID CVE-2023-38720 can be exploited by sending a specially crafted ALTER TABLE statement, leading to a denial of service condition.
What is the affected software for the IBM Db2 vulnerability with the ID CVE-2023-38720?
The affected software for the IBM Db2 vulnerability with the ID CVE-2023-38720 includes IBM Db2 for Linux, UNIX, and Windows versions 11.5 and 11.5, including Db2 Connect Server.
How can I mitigate the IBM Db2 vulnerability with the ID CVE-2023-38720?
To mitigate the IBM Db2 vulnerability with the ID CVE-2023-38720, apply the necessary security patches provided by IBM or upgrade to a non-vulnerable version.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/remedy
agent/weakness
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm db2
version/ibm db2/11.5
version/ibm db2/11.1.4
version/ibm db2/11.1.4-fp1
version/ibm db2/11.1.4-fp2
version/ibm db2/11.1.4-fp3
version/ibm db2/11.1.4-fp4
version/ibm db2/11.1.4-fp5
version/ibm db2/11.1.4-fp6
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/opengroup
canonical/opengroup unix
canonical/ibm ibm® db2®
version/ibm ibm® db2®/11.1.4.x
version/ibm ibm® db2®/11.5.x