OpenLink Virtuoso
cpe:2.3:a:openlinksw:virtuoso:*:*:*:*:*:*:*
- 7.2.11
A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11. The issue arises in the 'itc_hash_compare' component, where attackers can cause a crash by sending specially crafted SQL statements. This vulnerability can be reproduced using the Virtuoso Docker image.
Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition.
The vulnerability can be reproduced by running a Docker container with the OpenLink Virtuoso Open Source 7.2.11 image. After the server has started, the proof-of-concept SQL payload can be executed using the 'isql' command-line tool, which interfaces with the Virtuoso database. The crafted SQL statements, when processed by the database, trigger the denial-of-service condition by causing the server to crash.
Users can update to the latest version of OpenLink Virtuoso to address this vulnerability.