Primary

Context

MonetDB Server Denial-of-Service Vulnerability in gc_col Component

Vulnerability

Patched

A denial-of-service vulnerability has been identified in MonetDB Server version 11.49.1. The issue arises in the gc_col component, where attackers can cause the server to crash by sending crafted SQL statements. This vulnerability can be reproduced by creating a merge table, starting a transaction, and then dropping specific columns, which triggers a server crash.

Impact

Exploitation of this vulnerability leads to a crash of the MonetDB server process, causing a denial-of-service condition where the database server is no longer available to handle requests.

Reproduction

The vulnerability can be reproduced by creating a merge table and then executing a series of SQL commands to drop certain columns. This sequence of actions causes the server to crash. The issue can also be reproduced using the Docker image 'monetdb/dev-builds:default'.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MonetDB Server Denial-of-Service Vulnerability in gc_col Component

Vulnerability

Impact

Reproduction

Affected Products

MonetDB

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating