openlink virtuoso-opensource
cpe:2.3:a:openlinksw:virtuoso:*:*:*:*:*:*:*
- 7.2.11
A denial-of-service vulnerability has been identified in OpenLink Virtuoso Open Source version 7.2.11, in the 'sqlg_parallel_ts_seq' component. It allows attackers to disrupt service by executing crafted SQL statements.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the Virtuoso server to crash.
The vulnerability can be reproduced by creating a SQL file with a specific payload that exploits the 'sqlg_parallel_ts_seq' component. This payload can be executed using the 'isql' command-line interface after starting a Docker container with the vulnerable version of Virtuoso.
Users can upgrade to OpenLink Virtuoso version 7.2.12 or later, where this vulnerability has been fixed.