CVE-2023-30447: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 was identified with a vulnerability (CVE-2023-30447) that could lead to denial of service conditions. The vulnerability was discovered and disclosed in July 2023, affecting multiple versions of the database management system across various platforms (IBM Advisory, NetApp Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability can be triggered by a specially crafted query on certain tables, potentially leading to a denial of service condition. The attack vector is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (NVD).

When successfully exploited, this vulnerability can result in a denial of service condition, affecting the availability of the IBM Db2 database system. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity of the data (IBM Advisory).

IBM has released special builds containing interim fixes for affected versions. These builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.7, and V11.5.8. The fixes can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability (IBM Advisory).