PT-2023-8444 · Ibm · Ibm Db2

Published

2023-12-07

Updated

2024-03-07

CVE-2023-50308

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) version 11.5

Description The issue is related to insufficient input validation when processing columnar tables, which could allow a remote attacker to cause a denial of service. This can occur when a statement is run on columnar tables by an authenticated user to the database.

Recommendations For IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) version 11.5, consider restricting access to columnar tables until a patch is available. As a temporary workaround, limit the execution of statements on columnar tables to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Resource Release

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-20

Related Identifiers

BDU:2024-00748

CVE-2023-50308

Affected Products

Ibm Db2

PT-2023-8444 · Ibm · Ibm Db2

CVE-2023-50308

Weakness Enumeration

Related Identifiers

Affected Products

References · 8