MonetDB
cpe:2.3:a:monetdb:monetdb:*:*:*:*:*:*:*
- v11.49.1
A denial-of-service vulnerability has been identified in MonetDB Server version 11.49.1. The issue arises in the 'merge_table_prune_and_unionize' component, where attackers can cause the server to crash by using specially crafted SQL statements. This vulnerability can be reproduced in a Docker environment using the 'monetdb/monetdb:Dec2023' image.
Exploitation of this vulnerability leads to a crash of the MonetDB server process, causing a denial-of-service condition where the database server is no longer available to handle requests.
The vulnerability can be reproduced by creating merge tables and then executing a SELECT statement that triggers the 'merge_table_prune_and_unionize' function. This can be done manually or by using a script that automates the process. The issue has been documented in the GitHub repository for MonetDB.
Users can update to the latest version of MonetDB Server, where this vulnerability has been fixed.