CVE-2023-48949

2023-11-2920:15:07

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

openlink virtuoso-opensource

dos

box_add

cve-2023-48949

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

OSVersionArchitecturePackageVersionFilename
Debian12allvirtuoso-opensource<= 7.2.5.1+dfsg1-0.3virtuoso-opensource_7.2.5.1+dfsg1-0.3_all.deb
Debian11allvirtuoso-opensource<= 7.2.5.1+dfsg1-0.1virtuoso-opensource_7.2.5.1+dfsg1-0.1_all.deb
Debian10allvirtuoso-opensource<= 6.1.6+dfsg2-4virtuoso-opensource_6.1.6+dfsg2-4_all.deb
Debian999allvirtuoso-opensource< 7.2.12+dfsg-0.2virtuoso-opensource_7.2.12+dfsg-0.2_all.deb
Debian13allvirtuoso-opensource< 7.2.12+dfsg-0.2virtuoso-opensource_7.2.12+dfsg-0.2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	virtuoso-opensource	<= 7.2.5.1+dfsg1-0.3	virtuoso-opensource_7.2.5.1+dfsg1-0.3_all.deb
Debian	11	all	virtuoso-opensource	<= 7.2.5.1+dfsg1-0.1	virtuoso-opensource_7.2.5.1+dfsg1-0.1_all.deb
Debian	10	all	virtuoso-opensource	<= 6.1.6+dfsg2-4	virtuoso-opensource_6.1.6+dfsg2-4_all.deb
Debian	999	all	virtuoso-opensource	< 7.2.12+dfsg-0.2	virtuoso-opensource_7.2.12+dfsg-0.2_all.deb
Debian	13	all	virtuoso-opensource	< 7.2.12+dfsg-0.2	virtuoso-opensource_7.2.12+dfsg-0.2_all.deb