CVE-2024-57629

CVE-2024-57629 is a vulnerability in the tail_type component of MonetDB Server version 11.49.1. It enables attackers to trigger a Denial of Service (DoS) condition through specially crafted SQL statements. The issue has a CVSS v3.1 base score of 7.5, rated as High severity, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, no privileges or user interaction required, and a high impact on availability but no impact on confidentiality or integrity. It is associated with CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).

Remote, unauthenticated attackers can exploit this vulnerability over the network by sending malicious SQL statements to a vulnerable MonetDB Server instance. Successful exploitation leads to a DoS, potentially crashing the server or consuming excessive resources, disrupting service availability for legitimate users.

Further details, including potential patches or workarounds, are documented in the advisory at https://github.com/MonetDB/MonetDB/issues/7472. Security practitioners should consult this GitHub issue for updates on remediation.