CVE-2024-57634

CVE-2024-57634 is a vulnerability in the exp_copy component of MonetDB Server version 11.49.1 that enables attackers to trigger a Denial of Service (DoS) condition through specially crafted SQL statements. The issue has a CVSS v3.1 base score of 7.5, rated as High severity, with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network-based exploitation with low complexity, no authentication or user interaction required, and high impact on availability but no impact on confidentiality or integrity. It is associated with CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).

Remote attackers without privileges can exploit this vulnerability by sending malicious SQL statements to a vulnerable MonetDB Server instance, causing it to crash or become unresponsive, resulting in a DoS. The attack requires no prior access or user involvement, making it accessible to unauthenticated adversaries over the network.

Details on the vulnerability, including potential mitigation steps, are documented in the project's GitHub issue tracker at https://github.com/MonetDB/MonetDB/issues/7435. Security practitioners should monitor this issue for official patches or workarounds from the MonetDB team.