CVE-2023-48947: 
Homebrew vulnerability analysis and mitigation

An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 was discovered that allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. The vulnerability was identified in November 2023 and assigned CVE-2023-48947 (NVD, MITRE).

The vulnerability exists in the cha_cmp function of Virtuoso Open-Source Edition version 7.2.11. The issue can be triggered by executing specially crafted SQL SELECT statements. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it is network accessible, requires low attack complexity, and can result in high availability impact (NVD).

When successfully exploited, this vulnerability can cause a denial of service condition in the Virtuoso database system. The impact primarily affects the availability of the service, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in version 7.2.12 of Virtuoso Open-Source Edition. Users are advised to upgrade to this version or later to mitigate the issue. Ubuntu has also released security updates for affected versions in their distributions (Ubuntu Notice).