Unrated severity · NVD Advisory · Published Apr 28, 2023 · Updated Feb 13, 2025

IBM Db2 denial of service

CVE-2023-26021

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Db2 11.1 and 11.5 may crash when compiling a specially crafted SQL query using a LIMIT clause, enabling unauthenticated denial of service.

Vulnerability

IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.1 and 11.5, all fix pack levels, are vulnerable to a denial of service when the database server compiles a specially crafted SQL query that uses a LIMIT clause [1]. The improper handling of the LIMIT clause during query compilation can cause the server process to crash. Version 10.5 is not affected [1].

Exploitation

An unauthenticated attacker with network access to the affected Db2 server can exploit this vulnerability by sending a specially crafted SQL query that includes a malformed or unexpected LIMIT clause [1]. The attacker does not require any prior authentication or special privileges. The exploit requires no user interaction beyond the submission of the malicious query.

Impact

Successful exploitation crashes the Db2 server process, resulting in a denial of service. The availability impact is rated CVSS 7.5 (High), with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [1]. There is no impact on confidentiality or integrity.

Mitigation

IBM has released special builds containing interim fixes for this issue, available from Fix Central. Fixed versions are available for V11.1.4 FP7 (special build), V11.5.7 (special build), and V11.5.8 (special build) [1]. Customers can apply the appropriate special build to any affected fix pack level of the corresponding release to remediate the vulnerability [1]. Details on downloading the special builds are provided in the advisory [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

3
