CVE-2023-48945: 
Homebrew vulnerability analysis and mitigation

A stack overflow vulnerability was discovered in OpenLink Virtuoso-OpenSource version 7.2.11. The vulnerability, identified as CVE-2023-48945, allows attackers to cause a Denial of Service (DoS) condition through specially crafted SQL statements. The issue was reported on November 14, 2023, and was officially assigned a CVE ID on November 29, 2023 (CVE Details, NVD).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 7.5 (HIGH). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), and affects only the availability of the system (C:N/I:N/A:H) (NVD).

When successfully exploited, this vulnerability can lead to a complete denial of service of the Virtuoso database system. The attack specifically causes stack smashing, which results in the termination of the server process, making the database service unavailable to legitimate users (GitHub Issue).

The vulnerability has been fixed in version 7.2.12 of Virtuoso-OpenSource. Users are advised to upgrade to this version or later to mitigate the vulnerability. Various Linux distributions have also released security updates to address this issue, including Ubuntu and Debian (Debian Tracker).