CVE-2024-57630

CVE-2024-57630 is a denial-of-service vulnerability in the exps_card component of MonetDB Server version 11.49.1. The flaw allows attackers to trigger a DoS condition through specially crafted SQL statements, as classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). It has a CVSS v3.1 base score of 7.5, reflecting high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and significant impact on availability without affecting confidentiality or integrity.

Remote attackers without authentication can exploit this vulnerability by sending malicious SQL statements to a vulnerable MonetDB Server instance. Successful exploitation results in a denial of service, potentially crashing the server or exhausting resources, thereby disrupting legitimate database operations.

Details on the issue, including potential patches or workarounds, are documented in the MonetDB GitHub repository at https://github.com/MonetDB/MonetDB/issues/7439. Security practitioners should monitor this issue for official remediation guidance from the vendor.