CVE-2023-31619: 
Homebrew vulnerability analysis and mitigation

An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 was identified that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was discovered and reported on April 12, 2023, and was assigned CVE-2023-31619. The affected software is the Virtuoso Open-Source Edition version 7.2.9 (NVD, Ubuntu).

The vulnerability exists in the sch_name_to_object component and can be triggered through specially crafted SQL statements involving view operations. The issue has received a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-89 (SQL Injection) and can be exploited remotely with low attack complexity, requiring no privileges or user interaction (NVD).

When successfully exploited, this vulnerability can lead to a complete Denial of Service (DoS) condition in the affected Virtuoso Open-Source system. The CVSS metrics indicate that while there is no impact on confidentiality or integrity, the availability impact is rated as High, suggesting that the attack can cause a significant disruption to system resources (NVD).

Fixed versions have been released for various distributions. Ubuntu has addressed this vulnerability in multiple releases: version 7.2.5.1+dfsg1-0.8ubuntu0.1~esm1 for 24.04 LTS, version 7.2.5.1+dfsg1-0.3ubuntu1.1 for 23.10, and various ESM updates for older versions. Debian has fixed the issue in version 7.2.12+dfsg-1 for sid and trixie releases (Ubuntu, Debian).