MonetDB
cpe:2.3:a:monetdb:monetdb:*:*:*:*:*:*:*
- v11.47.11
A denial-of-service vulnerability has been identified in the GDKanalytical_correlation component of MonetDB Server version 11.47.11. This issue allows attackers to crash the server by using specially crafted SQL statements. The vulnerability can be reproduced in a Docker container running Ubuntu 20.04.
Exploitation of this vulnerability crashes the MonetDB server process, causing a denial-of-service condition in which the server is unresponsive.
The vulnerability can be reproduced by creating a table with a specific SQL statement and then executing a DELETE statement that includes a correlation function in the WHERE clause. This process can be automated with a shell script that runs inside a Docker container.
Users can upgrade to MonetDB's Dec2023-SP1 release, where this issue has been fixed.