PT-2023-8879 · Unknown+4 · Virtuoso-Opensource+4
Fuboat · Published 2023-11-29 · Updated 2025-06-05
CVE-2023-48951
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
virtuoso-opensource version 7.2.11
Description
The issue is in the box_equal function of virtuoso-opensource. The vulnerability is associated with an incorrect implementation of the sequence of actions performed. A remote attacker can exploit it to cause a Denial of Service (DoS) after running a SELECT statement.
Recommendations
For virtuoso-opensource version 7.2.11, consider disabling the box_equal function as a temporary workaround until a patch is available. Restrict access to the SELECT statement to minimize the risk of exploitation.
Exploit
Fix
DoS
Resource Exhaustion
Related Identifiers
Affected Products
Debian
Linuxmint
Red Os
Ubuntu
Virtuoso-Opensource