CVE-2023-47158: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 is affected by a vulnerability identified as CVE-2023-47158. The vulnerability was discovered and disclosed in January 2024, allowing an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query (IBM Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and no user interaction, with potential to cause high impact to availability but no impact to confidentiality or integrity (NVD).

Successful exploitation of this vulnerability could allow an authenticated attacker with CONNECT privileges to cause a denial of service to the IBM DB2 database system, potentially disrupting database operations and availability (IBM Advisory, NetApp Advisory).

IBM has released special builds containing interim fixes for affected versions: V10.5 FP11, V11.1.4 FP7, and V11.5.9. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability. The fixes are available for download from IBM Fix Central (IBM Advisory).