CVE-2023-31612

2023-05-1515:15:11

Debian Security Bug Tracker

security-tracker.debian.org

denial of service

sql statements

unix

dfe_qexp_list

cve-2023-31612

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

33.5%

JSON

An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

OSVersionArchitecturePackageVersionFilename
Debian12allvirtuoso-opensource<= 7.2.5.1+dfsg1-0.3virtuoso-opensource_7.2.5.1+dfsg1-0.3_all.deb
Debian11allvirtuoso-opensource<= 7.2.5.1+dfsg1-0.1virtuoso-opensource_7.2.5.1+dfsg1-0.1_all.deb
Debian999allvirtuoso-opensource< 7.2.12+dfsg-0.2virtuoso-opensource_7.2.12+dfsg-0.2_all.deb
Debian13allvirtuoso-opensource< 7.2.12+dfsg-0.2virtuoso-opensource_7.2.12+dfsg-0.2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	virtuoso-opensource	<= 7.2.5.1+dfsg1-0.3	virtuoso-opensource_7.2.5.1+dfsg1-0.3_all.deb
Debian	11	all	virtuoso-opensource	<= 7.2.5.1+dfsg1-0.1	virtuoso-opensource_7.2.5.1+dfsg1-0.1_all.deb
Debian	999	all	virtuoso-opensource	< 7.2.12+dfsg-0.2	virtuoso-opensource_7.2.12+dfsg-0.2_all.deb
Debian	13	all	virtuoso-opensource	< 7.2.12+dfsg-0.2	virtuoso-opensource_7.2.12+dfsg-0.2_all.deb