Primary

Context

OpenLink Virtuoso Denial-of-Service Vulnerability in dfe_n_in_order Component

Vulnerability

A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11. The issue arises in the dfe_n_in_order component, where attackers can cause a crash by sending specially crafted SQL statements. This vulnerability can be reproduced using the beta Docker image of Virtuoso 7.2.11.

Impact

Exploitation of this vulnerability leads to a crash of the Virtuoso database server, causing a denial-of-service condition where the server becomes unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by creating a SQL table and then executing an update statement that includes a complex case expression. This crafted SQL statement can be run using the isql command-line interface, which connects to the Virtuoso database server. The issue has been documented as GitHub Issue #1216.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenLink Virtuoso Denial-of-Service Vulnerability in dfe_n_in_order Component

Vulnerability

Impact

Reproduction

Affected Products

OpenLink Virtuoso

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating