fkie_nvd - fkie_cve-2023-27559

fkie_cve-2023-27559

Vulnerability from fkie_nvd

Published

2023-04-26 20:15

Modified

2024-11-21 07:53

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/249196	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://security.netapp.com/advisory/ntap-20230511-0010/	Third Party Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6985667	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/249196	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230511-0010/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6985667	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	db2	*
ibm	db2	*
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	11.1.4
ibm	db2	11.1.4
ibm	db2	11.1.4
ibm	db2	11.1.4
ibm	db2	11.1.4
ibm	db2	11.1.4
ibm	db2	11.1.4
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3",
              "versionEndExcluding": "11.1.4",
              "versionStartIncluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53",
              "versionEndExcluding": "11.5.8",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
              "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
              "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery.  IBM X-Force ID:  249196."
    }
  ],
  "id": "CVE-2023-27559",
  "lastModified": "2024-11-21T07:53:08.623",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-26T20:15:09.900",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230511-0010/"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6985667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230511-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6985667"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2023-27559 (GCVE-0-2023-27559)

Vulnerability from cvelistv5

Published

2023-04-26 19:02

Modified

2024-11-21 18:43

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation