CVE-2023-43020
First published: Wed Dec 20 2023(Updated: )
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM IBM® Db2® | <=10.5.0.11 | |
| IBM IBM® Db2® | <=11.1.4.7 | |
| IBM IBM® Db2® | <=11.5.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-43020.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM Db2 for Linux UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service.'
What is the description of this vulnerability?
This vulnerability in IBM Db2 for Linux, UNIX and Windows allows attackers to perform a denial of service attack by using a specially crafted query.
Which versions of IBM Db2 are affected by this vulnerability?
IBM Db2 versions 10.5.0.11, 11.1.4.7, and 11.5.x are affected by this vulnerability.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium with a CVSS score of 6.5.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the IBM X-Force Exchange website and the IBM support pages. The links are provided in the references section.
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm ibm® db2®
- version/ibm ibm® db2®/10.5.0.11
- version/ibm ibm® db2®/11.1.4.7
- version/ibm ibm® db2®/11.5.x