CVE-2023-47701: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 is vulnerable to a denial of service attack that can be triggered with a specially crafted query. The vulnerability was assigned CVE-2023-47701 and IBM X-Force ID 266166. This security issue was disclosed in December 2023 and affects multiple versions of the database management system across different platforms (IBM Security).

The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in a complete loss of availability. The vulnerability is classified under CWE-20 (Improper Input Validation) according to IBM's assessment (NVD Database).

Successful exploitation of this vulnerability could lead to a denial of service condition in the affected IBM Db2 database systems. The attack specifically impacts system availability while not affecting confidentiality or integrity of the data (NetApp Advisory).

IBM has released special builds containing interim fixes for affected versions: V10.5 FP11, V11.1.4 FP7, and V11.5.8. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability. For V11.5.9, a separate update is available. No workarounds have been identified for this vulnerability (IBM Security).