MonetDB
cpe:2.3:a:monetdb:monetdb:*:*:*:*:*:*:*
- v11.49.1
A denial-of-service vulnerability has been identified in the exps_card component of MonetDB Server version 11.49.1. This issue allows attackers to cause the server to crash by sending crafted SQL statements. The vulnerability can be reproduced in a Docker environment using the MonetDB/MonetDB:Dec2023 image.
Exploitation of this vulnerability leads to a crash of the MonetDB server process, causing a denial-of-service condition.
The vulnerability can be reproduced by creating a SQL file with a specific DELETE statement that includes a subquery. This SQL file can then be executed using the MonetDB command-line client (mclient) within a Docker container running the affected MonetDB version.
Users can update to the latest version of MonetDB where this issue has been fixed.