CVE-2023-31616: 
Homebrew vulnerability analysis and mitigation

An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was disclosed on May 15, 2023, and has been assigned a CVSS v3.1 base score of 7.5 (High) (NVD).

The vulnerability exists in the bif_mod component and can be triggered by executing specially crafted SQL statements, particularly when using the MOD function with specific values. The issue manifests when attempting operations like 'SELECT MOD(-9223372036854775808, -1)'. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD, GitHub Issue).

When successfully exploited, this vulnerability can cause the Virtuoso database server to crash, resulting in a denial of service condition. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (NVD).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has released fixes across multiple versions including 24.04 LTS, 23.10, 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM. The issue has been fixed in virtuoso-opensource version 7.2.12+dfsg-1 and later releases (Ubuntu Notice).