CVE-2024-57621

CVE-2024-57621 is a vulnerability in the GDKanalytical_correlation component of MonetDB Server version 11.47.11. The issue enables attackers to trigger a Denial of Service (DoS) condition through specially crafted SQL statements. It is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

The vulnerability can be exploited by any unauthenticated remote attacker with network access to the MonetDB Server. Exploitation requires low complexity and no user interaction, allowing attackers to send malicious SQL statements that crash the server and disrupt service availability. No privileges are needed, and there is no impact on confidentiality or integrity.

Mitigation details and further information are available in the referenced advisory at https://github.com/MonetDB/MonetDB/issues/7414.