CVE-2023-31613: 
Homebrew vulnerability analysis and mitigation

An issue in the _nssdatabase_lookup component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was assigned CVE-2023-31613 and was published on May 15, 2023. The issue affects Virtuoso Open-Source Edition version 7.2.9 and earlier versions (NVD, Ubuntu Security).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based, requires low attack complexity, needs no privileges or user interaction, and has a significant impact on system availability. The vulnerability is classified as CWE-89 (SQL Injection) (NVD, Ubuntu Security).

When successfully exploited, this vulnerability can lead to a complete Denial of Service (DoS) of the affected system. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity. The high availability impact rating indicates that the attack can cause a total shutdown of the affected resource (Ubuntu Security).

Fixed versions have been released for various distributions. Ubuntu has released patches for versions 24.04 LTS (7.2.5.1+dfsg1-0.8ubuntu0.1~esm1), 23.10 (7.2.5.1+dfsg1-0.3ubuntu1.1), and 22.04 LTS (7.2.5.1+dfsg1-0.2ubuntu0.1~esm1). The issue has been fixed in Debian sid and trixie with version 7.2.12+dfsg-1 (Ubuntu Security Notice, Debian Security).