CVE-2024-57632

CVE-2024-57632 is a vulnerability in the is_column_unique component of MonetDB Server version 11.49.1. Published on January 14, 2025, it enables attackers to trigger a Denial of Service (DoS) condition by sending crafted SQL statements. The issue is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact.

Remote attackers with network access to the MonetDB server can exploit this vulnerability without authentication, privileges, or user interaction. By crafting and executing malicious SQL statements targeting the is_column_unique function, they can cause the server to crash or become unresponsive, leading to a DoS that disrupts database operations and services relying on the affected instance.

Mitigation details and further technical analysis are available in the referenced GitHub issue at https://github.com/MonetDB/MonetDB/issues/7441. Security practitioners should monitor for updates from MonetDB, as no specific patches were detailed in the initial CVE publication.