Volerion logoVolerion
Volerion logoVolerion

Openlink Virtuoso-Opensource Denial-of-Service Vulnerability in SQL Processing Component

Vulnerability

A denial-of-service vulnerability has been identified in Openlink Virtuoso-Opensource version 7.2.11. The issue arises in the 'dc_elt_size' component, where attackers can cause a crash by sending crafted SQL statements. This vulnerability can be reproduced using the Virtuoso Docker image version 7.2.11.

Impact

Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition where the server becomes unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by creating a SQL file with a proof-of-concept payload that exploits the 'dc_elt_size' component. This payload can be executed using the 'isql' command-line interface after starting a Virtuoso server instance in a Docker container.

Remediation

Users can upgrade to Openlink Virtuoso-Opensource version 7.2.12 or later, where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
3.1
impact
2.5
exploitability
6.1
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.