CVE-2023-26021

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5

Description The issue is related to insufficient input validation in the database management system, which can be exploited by a remote attacker to cause a denial of service. This can be achieved by sending a specially crafted SQL query using a LIMIT clause, potentially causing the server to crash.

Recommendations For versions 11.1 and 11.5, consider restricting the use of the LIMIT clause in SQL queries until a patch is available. As a temporary workaround, avoid using specially crafted SQL queries that may cause the server to crash. Restrict access to the database server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.