CVE-2024-57624

CVE-2024-57624 is a vulnerability in the exp_atom component of MonetDB Server version 11.49.1. The issue enables attackers to trigger a Denial of Service (DoS) condition through specially crafted SQL statements. It is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its impact on availability.

The vulnerability can be exploited remotely over the network by any unauthenticated attacker with low attack complexity and no need for user interaction. Successful exploitation disrupts the availability of the MonetDB Server, potentially causing it to crash or become unresponsive without affecting confidentiality or integrity.

Details on the vulnerability, including discussion of mitigation or patches, are available in the MonetDB GitHub issue at https://github.com/MonetDB/MonetDB/issues/7433, published on 2025-01-14.