Source: virtuoso-opensource
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for virtuoso-opensource.

CVE-2023-48945[0]:
| A stack overflow in openlink virtuoso-opensource v7.2.11 allows
| attackers to cause a Denial of Service (DoS) via crafted SQL
| statements.

https://github.com/openlink/virtuoso-opensource/issues/1172

CVE-2023-48946[1]:
| An issue in the box_mpy function of openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1178

CVE-2023-48947[2]:
| An issue in the cha_cmp function of openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1179

CVE-2023-48948[3]:
| An issue in the box_div function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1176

CVE-2023-48949[4]:
| An issue in the box_add function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1173

CVE-2023-48950[5]:
| An issue in the box_col_len function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1174

CVE-2023-48951[6]:
| An issue in the box_equal function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1177

CVE-2023-48952[7]:
| An issue in the box_deserialize_reusing function in openlink
| virtuoso-opensource v7.2.11 allows attackers to cause a Denial of
| Service (DoS) after running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1175

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48945
    https://www.cve.org/CVERecord?id=CVE-2023-48945
[1] https://security-tracker.debian.org/tracker/CVE-2023-48946
    https://www.cve.org/CVERecord?id=CVE-2023-48946
[2] https://security-tracker.debian.org/tracker/CVE-2023-48947
    https://www.cve.org/CVERecord?id=CVE-2023-48947
[3] https://security-tracker.debian.org/tracker/CVE-2023-48948
    https://www.cve.org/CVERecord?id=CVE-2023-48948
[4] https://security-tracker.debian.org/tracker/CVE-2023-48949
    https://www.cve.org/CVERecord?id=CVE-2023-48949
[5] https://security-tracker.debian.org/tracker/CVE-2023-48950
    https://www.cve.org/CVERecord?id=CVE-2023-48950
[6] https://security-tracker.debian.org/tracker/CVE-2023-48951
    https://www.cve.org/CVERecord?id=CVE-2023-48951
[7] https://security-tracker.debian.org/tracker/CVE-2023-48952
    https://www.cve.org/CVERecord?id=CVE-2023-48952

Please adjust the affected versions in the BTS as needed.