MonetDB Server Denial-of-Service Vulnerability in vscanf Component

Vulnerability

A denial-of-service vulnerability has been identified in the vscanf component of MonetDB Server version 11.47.11. An attacker who can submit SQL statements to the server can crash it with a specially crafted query: the interval parser mishandles the crafted input, and the server process terminates.

Impact

Exploitation of this vulnerability crashes the MonetDB server, terminating all active database sessions and requiring a manual restart of the server.

Reproduction

The vulnerability can be reproduced by running a specific SQL query that casts a crafted string to an interval. The query can be issued through the MonetDB command-line client, mclient, against a server instance of the affected version, for example one set up in a Docker container.

Remediation

A fix for this vulnerability has been implemented and is available in the MonetDB Dec2023-SP1 release; installations running the affected version should upgrade to that release or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm (score per category, 0.0 to 10.0):

spread: 2.6
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.