CVE-2023-38727 — Improper Input Validation in IBM DB2

CWE-20 — Improper Input Validation9 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.1%

top 73.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedDec 4

Latest updateNov 4

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/db210.5.0.0 — 10.5.0.11+2

🔴Vulnerability Details

OSV

linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-raspi vulnerabilities↗2025-11-04

▶

OSV

linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities↗2025-10-28

▶

OSV

linux-aws-5.15 vulnerabilities↗2025-10-27

▶

OSV

linux-azure, linux-azure-5.15, linux-gcp-5.15 vulnerabilities↗2025-10-22

▶

OSV

linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-xilinx↗2025-10-20

▶