CVE-2023-31615: 
Homebrew vulnerability analysis and mitigation

An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was assigned CVE-2023-31615 and was initially reported on April 29, 2023. The vulnerability affects the Virtuoso Open-Source Edition database system version 7.2.9 (MITRE CVE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue specifically occurs in the chash_array component when processing certain SQL statements. The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service condition, potentially making the Virtuoso database service unavailable to legitimate users. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, the availability impact is rated as High (Ubuntu Security).

The vulnerability has been fixed in version 7.2.12+dfsg-1 and later releases. Various Linux distributions have also released patched versions, including Ubuntu which has provided fixes through Ubuntu Pro and ESM Apps. For Ubuntu 24.04 LTS and 22.04 LTS, fixes are available via version 7.2.5.1+dfsg1-0.8ubuntu0.1~esm1 and 7.2.5.1+dfsg1-0.2ubuntu0.1~esm1 respectively (Ubuntu Security, Debian Tracker).