CVE-2023-28523: IBM Informix Dynamic Server buffer overflow
Published Dec 9, 2023
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
Affected Software
5 affected components. Fixes available.
IBM Cognos Analytics <= 12.0.0-12.0.4
IBM Cognos Analytics <= 11.2.0-11.2.4 FP5
IBM Informix Dynamic Server = 12.10
IBM Informix Dynamic Server = 14.10
IBM Informix Dynamic Server on Cloud Pak for Data
Event History
Dec 9, 2023, 02:24 AM: CVE Published
Dec 9, 2023, 02:24 AM: Data Sourced
Frequently Asked Questions
1. What is the vulnerability ID of this IBM Informix Dynamic Server buffer overflow vulnerability?
The vulnerability ID is CVE-2023-28523.
2. What is the severity of CVE-2023-28523?
The severity of CVE-2023-28523 is high with a CVSS score of 8.4.
3. How does the IBM Informix Dynamic Server buffer overflow vulnerability occur?
The vulnerability occurs due to a heap buffer overflow caused by improper bounds checking.
4. What can an attacker do with this vulnerability?
An attacker can exploit this vulnerability to execute arbitrary code.
5. How can I fix the IBM Informix Dynamic Server buffer overflow vulnerability?
To fix the vulnerability, apply the necessary patches or updates provided by IBM.