Primary

Context

MonetDB Server Denial-of-Service Vulnerability in BATcalcbetween_intern Component

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the BATcalcbetween_intern component of MonetDB Server version 11.47.11. This issue allows attackers to cause the server to crash by sending specially crafted SQL statements. The vulnerability can be reproduced in a Docker container running Ubuntu 20.04.

Impact

Exploitation of this vulnerability leads to a crash of the MonetDB server process, causing a denial-of-service condition where the server is unresponsive.

Reproduction

The vulnerability can be reproduced by creating a table and inserting values, including NULLs. Then, a DELETE statement can be executed that includes a subquery using the BETWEEN operator, crafted in a way that triggers the crash. This can be done manually or by using a script that automates the process.

Remediation

This vulnerability has been fixed in the Dec2023 branch of MonetDB.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MonetDB Server Denial-of-Service Vulnerability in BATcalcbetween_intern Component

Vulnerability

Impact

Reproduction

Remediation

Affected Products

MonetDB

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating