Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Vulnerability Details

CVEID:   CVE-2015-8383
DESCRIPTION:   PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8381
DESCRIPTION:   The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8386
DESCRIPTION:   PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8388
DESCRIPTION:   PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8385
DESCRIPTION:   PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8387
DESCRIPTION:   PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8391
DESCRIPTION:   The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8390
DESCRIPTION:   PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-908: Use of Uninitialized Resource
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8393
DESCRIPTION:   pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2015-8395
DESCRIPTION:   PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8394
DESCRIPTION:   PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-2328
DESCRIPTION:   PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-19: Data Processing Errors
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2015-2327
DESCRIPTION:   PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-14155
DESCRIPTION:   PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2015-8392
DESCRIPTION:   PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-29258
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-45178
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-46167
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-47701
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 271193.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43020
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2018-25032
DESCRIPTION:   zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2002-0059
DESCRIPTION:   The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CWE:   CWE-415: Double Free
CVSS Source:   IBM X-Force
CVSS Base score:   7
CVSS Vector:  

CVEID:   CVE-2022-37434
DESCRIPTION:   zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-40692
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-40687
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-38727
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-38003
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
CVSS Source:   IBM X-Force
CVSS Base score:   7.2
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-1370
DESCRIPTION:   [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
CWE:   CWE-674: Uncontrolled Recursion
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-3171
DESCRIPTION:   protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.7
CVSS Vector:   (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-3509
DESCRIPTION:   A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   5.7
CVSS Vector:   (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43642
DESCRIPTION:   snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-34462
DESCRIPTION:   Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a specially crafted client hello packet, a remote authenticated attacker could exploit this vulnerability to cause a OutOfMemoryError and so result in a denial of service condition.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-32731
DESCRIPTION:   gRPC could allow a remote attacker to obtain sensitive information, caused by a flaw when gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE:   CWE-440: Expected Behavior Violation
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-3510
DESCRIPTION:   A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   5.7
CVSS Vector:   (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)