OpenLink Virtuoso Denial-of-Service Vulnerability in jp_add Component

Vulnerability

A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11. The issue arises in the jp_add component, where attackers can cause a service disruption by sending crafted SQL statements. This vulnerability can be reproduced using the beta Docker image of Virtuoso 7.2.11.

Impact

Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by first removing any existing Docker container named 'virtdb_test'. Then, a new Docker container can be started with the Virtuoso 7.2.11 image, using 'dba' as the password. After the server has started, a simple SQL query can be executed to verify that the database is responsive. Once confirmed, the crafted SQL payload that exploits the vulnerability can be executed, causing the server to crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 6.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.