openlink virtuoso-opensource
cpe:2.3:a:openlinksw:virtuoso:*:*:*:*:*:*:*
- 7.2.11
A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11. The issue arises in the row_insert_cast component, where attackers can cause a service disruption by using specially crafted SQL statements. This vulnerability can be reproduced using the Virtuoso Docker image.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the Virtuoso server to crash.
The vulnerability can be reproduced with a SQL file containing a payload that targets the row_insert_cast component; such a payload can be generated using a database management system fuzzer. After removing any existing Docker container named 'virtdb_test', a new container is started from the Virtuoso image. Once the server is running, executing the SQL file through the isql command-line interface triggers the denial-of-service condition and crashes the Virtuoso server.
Users should update to the latest version of OpenLink Virtuoso to address this vulnerability.