CVE-2024-57620

CVE-2024-57620 is a vulnerability in the trimchars component of MonetDB Server version 11.47.11. The issue allows attackers to trigger a Denial of Service (DoS) condition through crafted SQL statements. It is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

The vulnerability can be exploited by any remote attacker with network access to the MonetDB server, requiring no authentication, privileges, or user interaction. By sending specially crafted SQL statements, attackers can cause the server to crash or become unresponsive, leading to a DoS that disrupts database operations without affecting confidentiality or integrity.

Mitigation details are available in the referenced GitHub issue at https://github.com/MonetDB/MonetDB/issues/7417. Security practitioners should consult this advisory for patch information or workarounds specific to MonetDB Server v11.47.11.