CVE-2023-30987: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 was identified with a vulnerability (CVE-2023-30987) that could lead to denial of service conditions. The vulnerability was discovered in April 2023 and publicly disclosed in October 2023. The issue affects multiple database configurations across different operating systems and can be triggered by a specially crafted query on certain databases (IBM Advisory, NVD).

The vulnerability has received a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction. The vulnerability is classified under CWE-20 (Improper Input Validation) according to IBM's assessment (NVD).

Successful exploitation of this vulnerability could result in a denial of service condition affecting the availability of the IBM Db2 database system. The CVSS scoring indicates high impact on availability while confidentiality and integrity remain unaffected (NetApp Advisory).

IBM has released special builds containing interim fixes for affected versions: V10.5 FP11, V11.1.4 FP7, and V11.5.8. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability. No workarounds have been identified at this time (IBM Advisory).