CVE-2023-31626: 
Homebrew vulnerability analysis and mitigation

An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 was discovered that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability was identified in April 2023 and was assigned CVE-2023-31626 (CVE Mitre, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is related to SQL injection (CWE-89) and specifically affects the gpf_notice component when processing certain SQL statements. The vulnerability can be triggered through crafted SQL queries involving MIN functions on VARCHAR columns (GitHub Issue).

When successfully exploited, this vulnerability can cause the Virtuoso Open-Source Edition to crash, resulting in a denial of service condition. The impact is particularly severe as it affects the availability of the database service, though there are no reported impacts on confidentiality or integrity (Ubuntu Security).

The vulnerability has been fixed in version 7.2.12+dfsg-1 of virtuoso-opensource. Various Linux distributions have released security updates to address this issue, including Ubuntu and Debian. Users are advised to upgrade to the latest version to mitigate this vulnerability (Debian Security).