Volerion logoVolerion
Volerion logoVolerion

Openlink Virtuoso-Opensource Denial-of-Service Vulnerability in QST_VEC_GET_INT64 Component

Vulnerability

A denial-of-service vulnerability has been identified in Openlink Virtuoso-Opensource version 7.2.11. The issue arises in the 'qst_vec_get_int64' component, where attackers can cause a crash by executing crafted SQL statements. This vulnerability can be reproduced using the Virtuoso Docker image.

Impact

Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by running a Docker container with the Openlink Virtuoso-Opensource 7.2.11 image. After the server has started, a crafted SQL query that exploits the vulnerability can be executed using the 'isql' command-line interface. The SQL query should be saved to a file and then piped into the 'isql' command, which will send the query to the Virtuoso server. The server will crash, demonstrating the denial-of-service condition.

Remediation

Users can update to the latest version of Openlink Virtuoso-Opensource, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
3.1
impact
2.5
exploitability
6.1
remediation
0.0
relevance
0.0
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.