CVE-2023-31623: 
Homebrew vulnerability analysis and mitigation

An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was assigned CVE-2023-31623 and was initially reported on April 29, 2023 (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and has a high impact on system availability while not affecting confidentiality or integrity (NVD). The issue specifically occurs in the mp_box_copy component when processing certain SQL statements, which can trigger a crash in the system (GitHub Issue).

When successfully exploited, this vulnerability can result in a complete Denial of Service (DoS) of the affected Virtuoso OpenSource system. The impact is primarily focused on system availability, with no direct effect on data confidentiality or integrity (Ubuntu Security).

Fixed versions of the software have been released for various distributions. Ubuntu has released fixes across multiple versions including 24.04 LTS (7.2.5.1+dfsg1-0.8ubuntu0.1~esm1), 23.10 (7.2.5.1+dfsg1-0.3ubuntu1.1), and other LTS versions. Debian has fixed the issue in version 7.2.12+dfsg-1 for sid and trixie releases (Ubuntu Security, Debian Security).