MonetDB Server Denial-of-Service Vulnerability in exp_values_set_supertype Component

A denial-of-service vulnerability has been identified in MonetDB Server version 11.49.1. The issue arises in the exp_values_set_supertype component, where attackers can cause the server to crash by sending crafted SQL statements. This vulnerability can be reproduced by creating a merge table, adding a partition with specific values, and then executing the SQL commands, which triggers a server crash.

Impact

Exploitation of this vulnerability leads to a crash of the MonetDB server process, causing a denial-of-service condition where the database server is no longer available to handle requests.

Reproduction

The vulnerability can be reproduced by creating a merge table partitioned by values, then adding a partition with a range of specified values, including integers, strings, and function results. This sequence of actions causes the server to crash.

Remediation

Users can update to the latest version of MonetDB Server, where this vulnerability has been addressed.