CVE-2023-31611: 
Homebrew vulnerability analysis and mitigation

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was assigned CVE-2023-31611 and was initially reported on April 29, 2023, with a public disclosure on May 15, 2023 (MITRE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and has a high impact on system availability while not affecting confidentiality or integrity (NVD).

The vulnerability can result in a complete Denial of Service (DoS) of the affected system. When successfully exploited, attackers can cause the virtuoso-opensource service to crash through crafted SQL statements, potentially disrupting service availability (Ubuntu).

Fixed versions have been released for various distributions. Ubuntu has released patches for multiple versions including 24.04 LTS (7.2.5.1+dfsg1-0.8ubuntu0.1~esm1), 23.10 (7.2.5.1+dfsg1-0.3ubuntu1.1), and other LTS versions. Debian has fixed the issue in version 7.2.12+dfsg-1 for sid and trixie releases (Ubuntu, Debian).