openlink virtuoso-opensource
cpe:2.3:a:openlinksw:virtuoso:*:*:*:*:*:*:*
- 7.2.11
A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11. The issue arises in the 'dfe_inx_op_col_def_table' component, where attackers can cause a crash by executing specially crafted SQL statements. This vulnerability can be reproduced using the Virtuoso database management system's built-in SQL execution interface.
Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition where the server becomes unresponsive or unavailable.
The vulnerability can be reproduced by saving the crafted SQL statement that triggers the fault in the 'dfe_inx_op_col_def_table' component to a SQL file and executing it with the 'isql' command-line interface, which is part of the Virtuoso database management system. The issue can also be reproduced using the OpenLink Virtuoso Docker image.
Users can upgrade to the latest version of OpenLink Virtuoso to address this vulnerability.