Vulnerabilities > CVE-2023-48952 - Deserialization of Untrusted Data vulnerability in Openlinksw Virtuoso 7.2.11

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

openlinksw

CWE-502

NVD

Published: 2023-11-29

Updated: 2023-11-30

Summary

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

Vulnerable Configurations

Part	Description	Count
Application	Openlinksw Openlinksw Virtuoso 7.2.11	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/openlink/virtuoso-opensource/issues/1175