CVE-2023-47141: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5 contains a vulnerability that allows an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. The vulnerability was discovered and assigned CVE-2023-47141, with IBM X-Force ID 270264. The issue affects Db2 versions up to 11.5.9 across multiple platforms including Linux, AIX, and Windows (NVD, IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and can result in high availability impact without affecting confidentiality or integrity (NVD).

Successful exploitation of this vulnerability could allow an authenticated attacker with CONNECT privileges to cause a denial of service condition in the affected Db2 database system. This could potentially disrupt database operations and affect system availability (IBM Advisory).

IBM has released special builds containing interim fixes for affected versions, specifically targeting V11.5.8 and V11.5.9. These special builds are available for various platforms including AIX 64-bit, Linux (32-bit and 64-bit), and Windows. The fixes can be downloaded from Fix Central under APAR DT244409. No workarounds have been identified for this vulnerability (IBM Advisory).