MonetDB
cpe:2.3:a:monetdb:monetdb:*:*:*:*:*:*:*
- v11.49.1
A denial-of-service vulnerability has been identified in MonetDB Server version 11.49.1. The issue arises in the is_column_unique component, where attackers can cause the server to crash by sending crafted SQL statements. This vulnerability can be reproduced by creating a table and executing specific SQL queries that manipulate column uniqueness, leading to a server crash.
Exploitation of this vulnerability causes the MonetDB server process to crash, disrupting any active database sessions.
The vulnerability can be reproduced by creating a table and executing SQL queries that trigger the is_column_unique function, either manually or with a script. The issue can also be reproduced in a Docker container using the MonetDB/MonetDB:Dec2023 image. After starting the container, the crafted SQL statements can be executed with the MonetDB command-line client, mclient. The crash can be verified by checking for the 'mserver5' process: its absence indicates that the server has crashed.
Users can update to the latest version of MonetDB Server, where this vulnerability has been fixed.