Volerion logoVolerion
Volerion logoVolerion

OpenLink Virtuoso Denial-of-Service Vulnerability in psiginfo Component

Vulnerability

A denial-of-service vulnerability has been identified in the psiginfo component of OpenLink Virtuoso Open Source Edition, specifically in version 7.2.11. This issue allows attackers to cause a crash by executing crafted SQL statements. The vulnerability can be reproduced using the OpenLink Virtuoso Docker image.

Impact

Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition where the server becomes unresponsive.

Reproduction

The vulnerability can be reproduced by first removing any existing Docker container named 'virtdb_test' and then starting a new container with the OpenLink Virtuoso Docker image. After ensuring the server is running and responsive, the crafted SQL payload that triggers the denial-of-service condition can be executed via the Virtuoso SQL command-line interface (isql).

Remediation

Users can upgrade to OpenLink Virtuoso version 7.2.12 or later, where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
3.1
impact
2.5
exploitability
6.6
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.