CVE-2023-29255

7.5 HIGH

📋 TL;DR

IBM DB2 databases on Linux, UNIX, and Windows can crash when compiling certain anonymous blocks, causing denial of service. This affects DB2 versions 10.5, 11.1, and 11.5, including Db2 Connect Server. Attackers could disrupt database availability by sending malicious queries.

💻 Affected Systems

Products:
  • IBM DB2 for Linux, UNIX and Windows
  • Db2 Connect Server
Versions: 10.5, 11.1, 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected versions are vulnerable when compiling anonymous blocks.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service outage requiring a restart, potentially disrupting critical business operations and causing data unavailability.

🟠 Likely Case: Database instance crashes when processing specific malicious queries, requiring a manual restart and causing temporary service disruption.

🟢 If Mitigated: Minimal impact with proper network segmentation and query validation preventing malicious queries from reaching the database.

🌐 Internet-Facing: MEDIUM - Internet-facing DB2 instances could be targeted for DoS attacks, but exploitation requires specific query knowledge.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to disrupt database services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to execute SQL queries against the database, typically requiring database credentials or application access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM: APAR IJ31766 for 11.5, IJ31767 for 11.1, IJ31768 for 10.5

Vendor Advisory: https://www.ibm.com/support/pages/node/6985687

Restart Required: Yes

Instructions:

1. Download the appropriate fix from IBM Fix Central.
2. Apply the fix following IBM documentation.
3. Restart the DB2 instance.
4. Verify that the fix was applied successfully.

🔧 Temporary Workarounds

Restrict anonymous block execution (all platforms)

Limit permissions for compiling and executing anonymous blocks to trusted users only.

REVOKE EXECUTE ON PROCEDURE SYSPROC.ADMIN_COMMAND_DB2 FROM PUBLIC;
REVOKE EXECUTE ON PROCEDURE SYSPROC.DB2LK_GENERATE_DDL FROM PUBLIC;

Implement query filtering (all platforms)

Use application-level filtering or a WAF to block suspicious anonymous block queries.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit database access to authorized applications only
  • Monitor for database crashes and implement automated restart procedures to minimize downtime

🔍 How to Verify

Check if Vulnerable:

Check the DB2 version with the db2level command. If the version is 10.5, 11.1, or 11.5 and the fix has not been applied, the system is vulnerable.

Check Version:

db2level

Verify Fix Applied:

db2 "SELECT * FROM SYSIBMADM.REG_VARIABLES WHERE REG_VAR_NAME='IJ31766' OR REG_VAR_NAME='IJ31767' OR REG_VAR_NAME='IJ31768'"

📡 Detection & Monitoring

Log Indicators:

  • DB2 instance crashes or traps in db2diag.log
  • Error messages related to anonymous block compilation
  • Unexpected database restarts

Network Indicators:

  • Multiple failed anonymous block compilation attempts
  • Unusual SQL query patterns targeting anonymous blocks

SIEM Query:

source="db2diag.log" AND ("trap" OR "crash" OR "anonymous block")
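The same keyword logic as the SIEM query above, applied directly to db2diag.log records, as an added example that is not part of this advisory. The sample records are constructed for illustration and only approximate the real db2diag.log layout (a timestamp header line followed by "KEY : value" lines); the function names and messages in them are placeholders, not captured output.

```python
import re
from dataclasses import dataclass

# Constructed sample records approximating db2diag.log layout. All values
# (PIDs, FUNCTION names, MESSAGE text) are placeholders, not real output.
SAMPLE_DB2DIAG = """\
2024-01-15-08.02.11.123456+000 I1001E300   LEVEL: Info
PID     : 4242                 TID : 1       PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000    DB   : SAMPLE
FUNCTION: DB2 UDB, base sys utilities, <constructed>, probe:1
MESSAGE : Database SAMPLE activated
2024-01-15-08.14.52.654321+000 I2001E900   LEVEL: Severe
PID     : 4242                 TID : 77      PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000    DB   : SAMPLE
FUNCTION: DB2 UDB, SQL compiler, <constructed>, probe:50
MESSAGE : Trap encountered while compiling anonymous block
2024-01-15-08.15.03.000000+000 I3001E400   LEVEL: Severe
PID     : 4242                 TID : 1       PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000    DB   : SAMPLE
MESSAGE : db2sysc crashed, instance restarting
"""

# A record starts with a timestamp header that also carries the LEVEL field.
RECORD_START = re.compile(
    r"^(\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d{6}[+-]\d{3})\s+\S+\s+LEVEL:\s*(\w+)",
    re.MULTILINE,
)
# Same indicators as the SIEM query: "trap" OR "crash" OR "anonymous block".
KEYWORDS = ("trap", "crash", "anonymous block")


@dataclass
class Alert:
    timestamp: str
    level: str
    message: str
    hits: tuple


def split_records(text):
    """Yield (timestamp, level, full record text) for each db2diag record."""
    starts = list(RECORD_START.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        yield m.group(1), m.group(2), text[m.start():end]


def message_of(record):
    """Extract the MESSAGE field of one record (empty string if absent)."""
    m = re.search(r"^MESSAGE\s*:\s*(.*)$", record, re.MULTILINE)
    return m.group(1).strip() if m else ""


def find_indicators(text):
    """Return one Alert per record containing any of the indicator keywords."""
    alerts = []
    for ts, level, body in split_records(text):
        low = body.lower()
        hits = tuple(k for k in KEYWORDS if k in low)
        if hits:
            alerts.append(Alert(ts, level, message_of(body), hits))
    return alerts
```

Matching whole records rather than single lines keeps the LEVEL and MESSAGE fields together, so a "Severe" trap during anonymous block compilation can be distinguished from an informational line that merely mentions the phrase.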
