Primary

Context

OpenLink Virtuoso-Opensource Denial-of-Service Vulnerability in SQL Tree Hash Component

Vulnerability

A denial-of-service vulnerability has been identified in OpenLink Virtuoso-Opensource version 7.2.11. The issue arises in the SQL tree hash component, where attackers can cause a service disruption by sending crafted SQL statements. This vulnerability can be reproduced using the Virtuoso Docker image.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the Virtuoso server to crash.

Reproduction

The vulnerability can be reproduced by creating a SQL table and then executing a SELECT statement that includes a crafted SQL condition. This can be done using the Virtuoso command-line interface (isql) after starting a Virtuoso server instance in a Docker container.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenLink Virtuoso-Opensource Denial-of-Service Vulnerability in SQL Tree Hash Component

Vulnerability

Impact

Reproduction

Affected Products

openlink virtuoso-opensource

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating