CVE-2023-45178: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) version 11.5 CLI is vulnerable to a denial of service vulnerability identified as CVE-2023-45178. The vulnerability was disclosed in December 2023 and specifically affects the Client Windows platform, while Linux and Unix platforms are not affected (IBM Advisory).

The vulnerability has received a CVSS v3.1 Base Score of 7.5 (HIGH) from NIST with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while IBM assessed it with a Base Score of 6.5 (MEDIUM) and vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is related to the CLI (Command Line Interface) component and can be triggered by a specially crafted request (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition in the affected system. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NetApp Advisory).

IBM has released special builds containing interim fixes (APARs DT239599 and DT259752) for affected versions 11.5.8 and 11.5.9. Special Build #42458 or later is available for V11.5.8, and Special Build #42449 or later for V11.5.9. No workarounds are available, making patch installation the only mitigation option (IBM Advisory).