CVE-2023-29255: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 was identified with a vulnerability tracked as CVE-2023-29255. The vulnerability was discovered and disclosed on April 27, 2023, affecting multiple versions of the DB2 database system. The issue involves a potential denial of service condition that occurs when compiling a variation of an anonymous block (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in a complete loss of availability. The vulnerability is classified under CWE-20 (Improper Input Validation) (NVD).

When successfully exploited, this vulnerability can lead to a denial of service condition in the affected DB2 systems. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity of the data (NetApp Advisory).

IBM has released special builds containing interim fixes for this vulnerability. These are available for V10.5 FP11, V11.1.4 FP7, V11.5.7, and V11.5.8, which can be applied to any affected fixpack level of the appropriate release. The fixes can be downloaded from IBM Fix Central. No workarounds have been identified for this vulnerability (IBM Advisory).